Re: [Privacy-pass] Roman Danyliw's Discuss on draft-ietf-privacypass-protocol-14: (with DISCUSS and COMMENT)

Roman Danyliw <rdd@cert.org> Sat, 23 September 2023 18:04 UTC

From: Roman Danyliw <rdd@cert.org>
To: Christopher Wood <caw@heapingbits.net>
CC: The IESG <iesg@ietf.org>, "draft-ietf-privacypass-protocol@ietf.org" <draft-ietf-privacypass-protocol@ietf.org>, "privacypass-chairs@ietf.org" <privacypass-chairs@ietf.org>, "privacy-pass@ietf.org" <privacy-pass@ietf.org>, "jsalowey@gmail.com" <jsalowey@gmail.com>
Date: Sat, 23 Sep 2023 18:04:48 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/privacy-pass/OauuwX5lnblQaUkBp5PrH5CD8Wg>

Hi Chris!

Thanks for the quick follow-up explanations and pull request.  The latter looks good to me for merge and addressing my feedback.

A bit more inline …

From: Christopher Wood <caw@heapingbits.net>
Sent: Friday, September 22, 2023 5:10 PM
To: Roman Danyliw <rdd@cert.org>
Cc: The IESG <iesg@ietf.org>; draft-ietf-privacypass-protocol@ietf.org; privacypass-chairs@ietf.org; privacy-pass@ietf.org; jsalowey@gmail.com
Subject: Re: Roman Danyliw's Discuss on draft-ietf-privacypass-protocol-14: (with DISCUSS and COMMENT)

Thanks for the thorough review, as always, Roman. We addressed your comments in the following PR:

   https://github.com/ietf-wg-privacypass/base-drafts/pull/494

Please see inline below for responses to specific feedback.

Best,
Chris


On Sep 20, 2023, at 6:13 PM, Roman Danyliw via Datatracker <noreply@ietf.org> wrote:

Roman Danyliw has entered the following ballot position for
draft-ietf-privacypass-protocol-14: Discuss

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/
for more information about how to handle DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-privacypass-protocol/



----------------------------------------------------------------------
DISCUSS:
----------------------------------------------------------------------

Two things related to references ...

** Section 7.  Given the deferment of security and privacy considerations to
[ARCHITECTURE] and [CONSISTENCY], both seem to be normative references.

Making the architecture a normative reference seems fine, but the referenced consistency document doesn’t rise to the same bar. That document provides guidance for how someone might implement a consistency mechanism, but it doesn’t actually specify a protocol. In this way, I consider it to be an informational reference.

[Roman] Re-reading the details of [CONSISTENCY] I agree -- I was wrong here, thanks for explaining.  I was largely keying on the language used to introduce this reference which seemed to suggest a relevance that it didn’t have (i.e., “Notable considerations include those pertaining to Issuer Public Key rotation and consistency, where consistency is as described in [CONSISTENCY<https://datatracker.ietf.org/doc/html/draft-ietf-privacypass-key-consistency-01>], and Issuer selection”).

** The reference for the format of SPKI (for RSA key material) doesn’t seem
right based on my read of the ASN.1 references.

-- Section 6.5
  The key identifier for a keypair (skI, pkI), denoted token_key_id, is
  computed as SHA256(encoded_key), where encoded_key is a DER-encoded
  SubjectPublicKeyInfo (SPKI) object carrying pkI.  The SPKI object
  MUST use the RSASSA-PSS OID [RFC5756], which specifies the hash
  algorithm and salt size.

-- Section 8.2.2 says:
  *  Token Key Encoding: Serialized as a DER-encoded
     SubjectPublicKeyInfo (SPKI) object using the RSASSA-PSS OID
     [RFC5756]

SubjectPublicKeyInfo (SPKI) seems to be defined in RFC5280.  Additionally, RFC
4055 provides the “algorithm” OBJECT IDENTIFIER as id-RSASSA-PSS, “parameters”
are RSASSA-PSS-params, and the “subjectPublicKey” is RSAPublicKey.

Wow, indeed, the current references do not seem correct! I believe the PR correctly references the necessary definitions, and also makes an attempt to use the proper terms. I will ask for review from people more familiar with the X.509 details to ensure it’s correct and matches what is deployed today.

[Roman] Sounds like a plan.  Credit to Russ Housley too who I had double check my suspicion about the ASN.1.

[snip]

----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

    [snip]

** Appendix B.2.  Test Vector #2.  I had trouble verifying the token of the
second test vector in the example.  I didn’t try any other example.  I tried
the following:

What are you trying to do here? The token is a Token structure, which openssl won’t be able to parse. Are you trying to verify the signature of the token using the public key in the test vector?

[Roman] I mistakenly was interpreting that this token is a simple SPKI structure (which this is not).  Thanks for clarifying my issue.

Thanks,
Roman
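
An added illustration of the Section 6.5 text quoted in this thread (not code from the draft, its authors, or either correspondent): it builds the DER SubjectPublicKeyInfo with the id-RSASSA-PSS AlgorithmIdentifier from RFC 4055 and computes token_key_id = SHA256(encoded_key), then shows that the same key under the rsaEncryption OID hashes to a different identifier. The PSS parameters (SHA-384, MGF1 with SHA-384, 48-byte salt, absent hash parameters) are assumptions, and the modulus is a constructed integer, not a real key.

```python
import hashlib

def tlv(tag: int, content: bytes) -> bytes:
    """DER tag-length-value with definite length encoding."""
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + content

def seq(*items: bytes) -> bytes:
    return tlv(0x30, b"".join(items))

def integer(n: int) -> bytes:
    # Non-negative INTEGER: minimal big-endian, with a leading 0x00 when needed.
    return tlv(0x02, n.to_bytes(n.bit_length() // 8 + 1, "big"))

def oid(dotted: str) -> bytes:
    arcs = [int(a) for a in dotted.split(".")]
    out = bytes([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]              # base-128, low group first
        while arc > 0x7F:
            arc >>= 7
            chunk.append(0x80 | (arc & 0x7F))
        out += bytes(reversed(chunk))
    return tlv(0x06, out)

ID_RSASSA_PSS = "1.2.840.113549.1.1.10"       # RFC 4055
RSA_ENCRYPTION = "1.2.840.113549.1.1.1"       # PKCS #1 rsaEncryption
SHA384 = seq(oid("2.16.840.1.101.3.4.2.2"))   # AlgorithmIdentifier, parameters absent

def pss_algorithm(salt_len: int = 48) -> bytes:
    # Assumed RSASSA-PSS-params: SHA-384, MGF1 with SHA-384, salt_len bytes of salt.
    mgf1 = seq(oid("1.2.840.113549.1.1.8"), SHA384)
    params = seq(tlv(0xA0, SHA384), tlv(0xA1, mgf1), tlv(0xA2, integer(salt_len)))
    return seq(oid(ID_RSASSA_PSS), params)

def spki(algorithm: bytes, n: int, e: int = 65537) -> bytes:
    rsa_public_key = seq(integer(n), integer(e))   # RSAPublicKey
    return seq(algorithm, tlv(0x03, b"\x00" + rsa_public_key))  # BIT STRING, 0 unused bits

def token_key_id(encoded_key: bytes) -> bytes:
    return hashlib.sha256(encoded_key).digest()

# Constructed 2048-bit odd integer standing in for a modulus (not a usable key).
N = int.from_bytes(hashlib.shake_256(b"constructed").digest(256), "big") | (1 << 2047) | 1
PSS_SPKI = spki(pss_algorithm(), N)
PLAIN_SPKI = spki(seq(oid(RSA_ENCRYPTION), tlv(0x05, b"")), N)
```

Because the identifier is a hash over the whole encoding, a Client and an Issuer that serialize the same pkI with different AlgorithmIdentifier contents will disagree on token_key_id, which is why the SPKI reference has to be exact.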