IETF Logo Mail Archive

Re: [Privacy-pass] New drafts for IETF107

Steven Valdez <svaldez@google.com> Mon, 02 March 2020 14:28 UTC

Return-Path: <svaldez@google.com>
X-Original-To: privacy-pass@ietfa.amsl.com
Delivered-To: privacy-pass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8A6993A0784 for <privacy-pass@ietfa.amsl.com>; Mon, 2 Mar 2020 06:28:26 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -17.599
X-Spam-Level:
X-Spam-Status: No, score=-17.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, ENV_AND_HDR_SPF_MATCH=-0.5, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5, USER_IN_DEF_SPF_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id t_vVG0rh51uq for <privacy-pass@ietfa.amsl.com>; Mon, 2 Mar 2020 06:28:23 -0800 (PST)
Received: from mail-oi1-x22e.google.com (mail-oi1-x22e.google.com [IPv6:2607:f8b0:4864:20::22e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A2E4A3A077D for <privacy-pass@ietf.org>; Mon, 2 Mar 2020 06:28:23 -0800 (PST)
Received: by mail-oi1-x22e.google.com with SMTP id l12so10414688oil.9 for <privacy-pass@ietf.org>; Mon, 02 Mar 2020 06:28:23 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=/nJFPwO5yxkcnXga5NG0UP06FqIDqHvGN+z57blqXVA=; b=kuay2R3n959ZClH6OhsWBqshw06Ps7W2B/9RJ08un6E3MBu58RXp+CAb7VgCa9qmxw VeeVNuJMto3YA/ORdhoy1Vf3IYSUIxPlIlhe5eLPN2xw60vuogP6i0266bRqqyfqouy0 CW+0jwCfT9nAZyc0/Bcns13OOgJ+RVifnkF58f3lGYe/ndKu1+I0Iw++GPeGPYGYABYV 1fHottl6RU+mK5Ri3ka2VaJNIi08d1FXH1XntRKYRRNOxSa7LpRLjrPFxw96APxTEBVY 3UFWa/bXS9hopnx3JF5+dfqkC369fq2cBMZaQjiitR7VVjyoXpWyWvmhBgAweTq+VsTf EtRg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=/nJFPwO5yxkcnXga5NG0UP06FqIDqHvGN+z57blqXVA=; b=uRZjm8ygrJ/46Axg19xNNcuF+JBpsAOulzLApSCX2A7EJNIDQT4zoNbLz2zC3V8PEW qyxHGIjwHvT+0HRHPWZqqkEviKwBTT/oerX/pdMkcymvefGXHrcaM8wBpa2I8rSn3oB6 pmXBb/SM1m6m6nDFWJRYO4MLnwhfxELErcz0nnb0zN9yeU0nFOaPXYMvbY4nabZ8VUF9 JFkz5tK5NmNXzNaPqKFZRcFLmGTcvASaaT+4XYIgwoU74GK9vReTfHwnDoNiu+p6rHpj +zy6CphcNSI4KP3QYLOa9adBuKV9f+DHbXv1wT5Wjqaw5QoELMK3Bq6gzYtJxHcNeOXj gvTA==
X-Gm-Message-State: APjAAAXWdH28Q8nBsazxn/OKAF7pf0lYHB7pRfvYTV8PeSTbOGuNlib5 AemDFetW14lZ64I9OhamGjrk9qfLdlGwu4Z/M/9hNtYy
X-Google-Smtp-Source: APXvYqw4CfPNkY0O8HJNqap/NVmTpypLUK2FJcOEUV4bzNRTRe2pilAtYPMvV4oXIOcSoBpbDjFWhbA/NpfjeMkQ3P4=
X-Received: by 2002:aca:130c:: with SMTP id e12mr7991705oii.122.1583159302648; Mon, 02 Mar 2020 06:28:22 -0800 (PST)
MIME-Version: 1.0
References: <62860787-70C2-4B39-BC6B-B0A83DDCD824@cloudflare.com> <CANduzxDCEi3izVM49EmTwyLf=LNpO1dTPqb6JmO7zxaHPTCaTg@mail.gmail.com> <1F946C3A-D194-435E-9A0F-2388C70324C3@cloudflare.com> <38505538-5FC5-4496-BD80-760C6071BD01@cloudflare.com> <0E23922F-9E2A-4192-B4CA-E8462CC672A2@cloudflare.com> <CANduzxDAKjQion4sUxquu7OHZDbv+PO9+oRRnBYaoAkOrXCicw@mail.gmail.com> <8FBF8C9F-6B9A-4D9D-AF92-0912BCD7A955@cloudflare.com>
In-Reply-To: <8FBF8C9F-6B9A-4D9D-AF92-0912BCD7A955@cloudflare.com>
From: Steven Valdez <svaldez@google.com>
Date: Mon, 02 Mar 2020 09:28:11 -0500
Message-ID: <CANduzxANrL7TBRhPz2vqsS19NCQM45KUPhrUACnGJQ494n-J5w@mail.gmail.com>
To: Alex Davidson <adavidson=40cloudflare.com@dmarc.ietf.org>
Cc: privacy-pass@ietf.org
Content-Type: multipart/alternative; boundary="000000000000dbf5e7059fdfff1e"
Archived-At: <https://mailarchive.ietf.org/arch/msg/privacy-pass/UMaHkDFRPMkbPXRbaWdNrmI9dPg>
Subject: Re: [Privacy-pass] New drafts for IETF107
X-BeenThere: privacy-pass@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <privacy-pass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/privacy-pass>, <mailto:privacy-pass-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/privacy-pass/>
List-Post: <mailto:privacy-pass@ietf.org>
List-Help: <mailto:privacy-pass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/privacy-pass>, <mailto:privacy-pass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 02 Mar 2020 14:28:27 -0000

On Mon, Mar 2, 2020 at 6:57 AM Alex Davidson <adavidson=
40cloudflare.com@dmarc.ietf.org> wrote:

> Hi Steven,
>
> Thanks for the feedback.
>
> On 26 Feb 2020, at 15:22, Steven Valdez <
> svaldez=40google.com@dmarc.ietf.org> wrote:
>
> Some initial comments from trying to write the API doc against the
> architecture doc:
>
> - Having config_id and version seems like an odd set of names. config_id
> appears to just be the ciphersuite being used in the protocol, and version
> is the ID of the current set of key commitments.
>
>
> You’re right, perhaps ciphersuite and commitment_id would be better?
>
This seems reasonable naming.

>
> - The supports field seems like it would always contain issue and redeem,
> is there a use case where an set of keys would only ever be used for one or
> the other?
>
>
> This is true, I was mainly leaving this open in case there were extensions
> that split the server functionality. For example, if we go down the public
> verifiability route, then it would be conceivable that only “redeem” would
> be supported?
>
I assume you mean only "issue" in the public verifiability case?  But seems
reasonable for extensibility.

>
> - The revoked scheme seems a bit weird (modifying previous keysets after
> the fact) and makes it hard to integrate with something like an append-only
> log. Wouldn't it be easier to just use to have a set of fields at the top
> level (under server_id) that list which keys are allowed to issue (always
> the newest key) and redeem (the current and previous keys).
>
>
> I agree with this change, I’ll adopt this in a new version of the draft.
>
>
>
> On Fri, Feb 21, 2020 at 12:15 PM Alex Davidson <adavidson=
> 40cloudflare.com@dmarc.ietf.org> wrote:
>
>> I’ve now pushed a WIP draft for the architecture
>> document (draft-davidson-pp-architecture) to the same repo (
>> https://github.com/alxdavids/privacy-pass-ietf/tree/master/drafts)..
>> There are a lot of TODOs still to address and I’m away for the next week,
>> but I’m going to pick it back up when I return. Still aiming to have
>> something submitted by the IETF 107 draft deadline on 9 March.
>>
>> The pp-protocol document is not currently very prescriptive about the
>> data formats of each of the types that are sent in protocol messages etc.
>> This is something that I am going to start addressing and, ideally, I’m
>> going to rewrite to be consistent with the TLS presentation language [
>> RFC8446 <https://tools.ietf.org/html/rfc8446>] for compiling everything
>> into standard formats (as it is also done in MLS,
>> https://tools.ietf.org/html/draft-ietf-mls-protocol-08).
>>
>> Both drafts are still at a very early stage and so all feedback and
>> contributions are very welcome (either here on the mailing list, or as
>> GitHub issues/PRs are fine).
>>
>> Alex
>>
>> On 12 Feb 2020, at 17:35, Alex Davidson <adavidson@cloudflare.com> wrote:
>>
>> Hi all,
>>
>> I’ve taken an initial stab at a draft for the generic protocol overview
>> at
>> https://github.com/alxdavids/privacy-pass-ietf/blob/master/drafts/draft-davidson-pp-protocol/.
>> I refactored out most of the stuff from the existing draft-privacy-pass
>> doc. The biggest change is that I decided to go with a wrapper API around
>> the VOPRF API for constructing the protocol. I then provide a specific
>> implementation of this API using the VOPRF protocol. I think this will help
>> when devising extensions to the protocol as it will enable others to
>> either: modify the VOPRF API that is used, or to just modify the way that
>> the PP API is implemented altogether (in situations that may not use
>> VOPRFs, such as in the case of public verifiability).
>>
>> Some other things/questions to consider:
>>
>> - I avoided any of the discussions around the architecture required for
>> maintaining client privacy, this includes how key rotation works. I decided
>> that these considerations are beyond the scope of the generic protocol
>> description, but happy to hear contrasting opinions?
>> - The extension policy could probably do with some work. Since the
>> privacy considerations will be in a separate document, currently I am
>> assuming that any proposed extension satisfies the policies that will exist
>> in each of the core three documents.
>> - Is the proposed API suitable? Are there any concerns for potential
>> extensions using this API?
>> - I had to define some specific functionality for interacting with the
>> groups used in the VOPRF implementation. Perhaps these can be moved to the
>> VOPRF draft?
>> - The provision of the security guarantees are lifted from
>> https://petsymposium.org/2018/files/papers/issue3/popets-2018-0026.pdf
>> <https://petsymposium.org/2018/files/papers/issue3/popets-2018-0026...pdf>
>>  and https://eprint.iacr.org/2020/072.pdf on the basis that the API
>> implements the same protocol when using the VOPRF from
>> draft-irtf-cfrg-voprf. This should probably be verified.
>> - There are some minor TODOs that need to be fixed, such as links to
>> non-existent drafts.
>>
>> I’ll start putting something together for the architecture document.
>>
>> Cheers,
>> Alex
>>
>> On 6 Feb 2020, at 17:41, Alex Davidson <adavidson@cloudflare.com> wrote:
>>
>> Hi Steven,
>>
>> On 6 Feb 2020, at 15:22, Steven Valdez <
>> svaldez=40google.com@dmarc.ietf.org> wrote:
>>
>> Yeah, it makes sense not to wait for the BoF to start iterating on
>> initial docs. Are you planning on putting the split document in a git repo
>> somewhere? Might make sense to set up a repo with all the base drafts in
>> one place as separate files (ala the QUIC WG) so that people can file
>> issues/PRs.
>>
>>
>> This is a good idea. I’ve repurposed the repo where I was hosting the
>> draft charter previously to also include a space for working on the drafts
>> here: https://github.com/alxdavids/privacy-pass-ietf/. I’ve placed the
>> original draft-privacy-pass document in the drafts/ folder there, and we
>> can use this space as a single location for contributing to these base
>> drafts. Once a WG is formed, we can move this repo into a specific WG repo.
>>
>>
>> I can take a stab at making a draft with a generic version of the
>> integrations from the Trust Token API as a starting point for the third
>> draft. I think fully specifying it will be dependent on the first two
>> drafts, but having a starting point to feedback into laying out the earlier
>> protocol/architecture descriptions would likely be useful for further
>> iterating on those drafts.
>>
>>
>> This would be helpful, thanks.
>>
>> Alex
>>
>>
>> -Steven
>>
>> On Thu, Feb 6, 2020 at 7:31 AM Alex Davidson <adavidson=
>> 40cloudflare.com@dmarc.ietf.org <40cloudflare..com@dmarc.ietf.org>>
>> wrote:
>>
>>> Since there has been no more feedback on the charter that was proposed,
>>> I think that it may be useful to start work on drafting the three main
>>> documents that make up the protocol specification. Having some initial
>>> write-ups before the BoF @ IETF107 will also help to determine the agenda
>>> for the meeting if there any initial issues that arise from the writing
>>> process.
>>>
>>> These three documents should cover the following:
>>>
>>> - The generic description of the protocol, based on VOPRFs (or similar),
>>> including specification of security considerations, protocol messages and a
>>> framework for introducing extensions.
>>> - The wider architecture for running the protocol: public interfaces,
>>> key rotation, privacy goals, applications, analysis of tracking
>>> potential/incentives for not following protocol.
>>> - The API: specify how privacy pass data is integrated with HTTP
>>> requests/responses, and where key material is stored/how it is accessed.
>>>
>>> Currently there is a single draft document (
>>> https://datatracker.ietf.org/doc/draft-privacy-pass/) that includes
>>> considerations mostly spanning from the first two documents (although it is
>>> also includes some key management specifics). I can start to split this
>>> document into two parts that could be used to initiate the process of
>>> writing the initial drafts covering the first two points.
>>>
>>> The third point is not well specified as of yet, but there are some
>>> applications such as the Trust Token API that integrate with HTTP already:
>>> https://github.com/WICG/trust-token-api.. Perhaps the third document
>>> necessarily needs to succeed the first two? But if anyone would be willing
>>> to start working on this document also, then that would be useful.
>>>
>>> Alex
>>> --
>>> Privacy-pass mailing list
>>> Privacy-pass@ietf.org
>>> https://www.ietf.org/mailman/listinfo/privacy-pass
>>>
>>
>>
>> --
>>
>> Steven Valdez |  Chrome Privacy Sandbox |  svaldez@google.com |
>> 210-692-4742 <(210)%20692-4742>
>>
>>
>>
>>
>>
>
> --
>
> Steven Valdez |  Chrome Privacy Sandbox |  svaldez@google.com |
> 210-692-4742 <(210)%20692-4742>
>
>
>

-- 

Steven Valdez |  Chrome Privacy Sandbox |  svaldez@google.com |
 210-692-4742

v2.23.0 | Report a Bug | By Email