IETF Logo Mail Archive

Re: [Privacy-pass] New drafts for IETF107

Alex Davidson <adavidson@cloudflare.com> Tue, 24 March 2020 12:40 UTC

Return-Path: <adavidson@cloudflare.com>
X-Original-To: privacy-pass@ietfa.amsl.com
Delivered-To: privacy-pass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 616263A09CE for <privacy-pass@ietfa.amsl.com>; Tue, 24 Mar 2020 05:40:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.1
X-Spam-Level:
X-Spam-Status: No, score=-2.1 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cloudflare.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id geojk_DFf7B3 for <privacy-pass@ietfa.amsl.com>; Tue, 24 Mar 2020 05:40:23 -0700 (PDT)
Received: from mail-wr1-x429.google.com (mail-wr1-x429.google.com [IPv6:2a00:1450:4864:20::429]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 747A83A09CC for <privacy-pass@ietf.org>; Tue, 24 Mar 2020 05:40:23 -0700 (PDT)
Received: by mail-wr1-x429.google.com with SMTP id h9so21213899wrc.8 for <privacy-pass@ietf.org>; Tue, 24 Mar 2020 05:40:23 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cloudflare.com; s=google; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=uwl1Gd/6fAzWRtEVjtCFJfT8dcZXo2BLlhaN826HQo8=; b=QVniWIbDRl9ueyHApRy+mc5heixl/cvNHOQezHSKS7t4PL+7BHYhizVM7ssaPZ48rp lWyBenyOLz5CXPs7tVvWyBS9PaVaG5alp5zUH+rQ4rQ3Xdyw8wrV2/9bmzint/YS7lwH md4JsoPp5zhY+a0De9eC7QB7DIWqwbRM0otxk=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=uwl1Gd/6fAzWRtEVjtCFJfT8dcZXo2BLlhaN826HQo8=; b=YlB3hMqO6ryp+7mhEcjXKuhaulOcniG1mnZp7LK+97hNHaE5IUHsHGiHa/tenZx9kM Nk0q7bOxBJCqCc4cKqoOCbnyIAjZXdP9tDTNntxEDq69VCidO/2HbbGhBlCRS7htS0XU 4PCwtqvDnwP/tFzAVhWgIGvq0695bgvnXhdcaT7WdqrULK6Oc+mtlqMU1bP8P/eUeZTe lnzWfLfGGsr+1nHk3QR+W5VtmIvRMYC+iOGXUMULxL6b6fUpCy2riyvDGm6dAXoJDNk/ 6JodStKAPXbBGnwQ9O0MvASeYYHMJlQMiyJ2+L43IQrFmcES9caixEltyG6bLHNqzwvd wopQ==
X-Gm-Message-State: ANhLgQ0k5G7CSxFrpNlnTmCJG2iSyiuAC8v3iJXNi7ndHGYGozA/raa4 Eor2eQHSSmIlomrXm2jp7+IemQ==
X-Google-Smtp-Source: ADFU+vtl77XgvG80N/tDwg9iz+W1oVVeL3M+vkqxNsAa+1w22OkZiEqGE5sjxrfnLfl9FFbAffcESg==
X-Received: by 2002:adf:fc4c:: with SMTP id e12mr33368774wrs.265.1585053621634; Tue, 24 Mar 2020 05:40:21 -0700 (PDT)
Received: from ?IPv6:2001:8a0:7ac8:f600:cd7d:85d8:8db:4fa1? ([2001:8a0:7ac8:f600:cd7d:85d8:8db:4fa1]) by smtp.gmail.com with ESMTPSA id b203sm4231992wmc.45.2020.03.24.05.40.20 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 24 Mar 2020 05:40:20 -0700 (PDT)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\))
From: Alex Davidson <adavidson@cloudflare.com>
In-Reply-To: <ea9feab6-5f7f-f927-bd5f-73ea8a805aa1@riseup.net>
Date: Tue, 24 Mar 2020 12:40:19 +0000
Cc: privacy-pass@ietf.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <83D15981-9424-4B31-9DD7-24101E5F370E@cloudflare.com>
References: <62860787-70C2-4B39-BC6B-B0A83DDCD824@cloudflare.com> <CANduzxDCEi3izVM49EmTwyLf=LNpO1dTPqb6JmO7zxaHPTCaTg@mail.gmail.com> <1F946C3A-D194-435E-9A0F-2388C70324C3@cloudflare.com> <38505538-5FC5-4496-BD80-760C6071BD01@cloudflare.com> <0E23922F-9E2A-4192-B4CA-E8462CC672A2@cloudflare.com> <CANduzxDAKjQion4sUxquu7OHZDbv+PO9+oRRnBYaoAkOrXCicw@mail.gmail.com> <8FBF8C9F-6B9A-4D9D-AF92-0912BCD7A955@cloudflare.com> <CANduzxANrL7TBRhPz2vqsS19NCQM45KUPhrUACnGJQ494n-J5w@mail.gmail.com> <4889145F-5FBE-4C6F-83EA-60491426DC56@cloudflare.com> <4A86E6B1-694F-4E4D-A22F-417B690B0BE3@cloudflare.com> <ea9feab6-5f7f-f927-bd5f-73ea8a805aa1@riseup.net>
To: Sofía Celi <cherenkov@riseup.net>
X-Mailer: Apple Mail (2.3445.104.11)
Archived-At: <https://mailarchive.ietf.org/arch/msg/privacy-pass/WlKYz0o6CHIXImb-FRssUVIyl5M>
Subject: Re: [Privacy-pass] New drafts for IETF107
X-BeenThere: privacy-pass@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <privacy-pass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/privacy-pass>, <mailto:privacy-pass-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/privacy-pass/>
List-Post: <mailto:privacy-pass@ietf.org>
List-Help: <mailto:privacy-pass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/privacy-pass>, <mailto:privacy-pass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 24 Mar 2020 12:40:26 -0000

Hi Sofia,

Thanks for taking the time to read through the drafts.

> On 24 Mar 2020, at 06:55, Sofía Celi <cherenkov@riseup.net> wrote:
> 
> Hi, Alex!
> 
> Thanks so much for sending this!
> 
> I have some points after reviewing the documents. I'll first send the
> notes for the draft of the protocol, as I have to put my notes for the
> other ones in place ;)
> 
> The first thing I noticed is that there should be consistency with the
> naming of variables:
> 
> - Sometimes a server is referred as 'server', while other times as
> 'Privacy Pass server'. I think the document always refers to a Privacy
> Pass server; but a reader might think there are two kinds of servers.
> The same for when using 'client' and 'Privacy Pass Client'.
> - Most of the inside values of the defined structs have a
> larger/meaningful name.. so maybe 'ServerUpdate s', should change to
> something else.
> - The struct 'ClientIssuanceInput' has a 'ClientIssuanceProcessing
> client_data' value, which holds inside a 'opaque
> client_data<1..2^32-1>', maybe it will be good to change the name of the
> inside 'client_data', as it can become confused with the external one.
> - I was thinking that maybe all of the structs should be named according
> to who deals with them as 'ClientIssuanceInput' or 'ServerUpdate'. This
> can be applied to 'IssuanceResponse' or 'IssuanceMessage'.
> - Some variables change names, like 'cfg', which can be also 'srv_cfg'
> or 'cli_cfg'. Maybe they should always be called in the right places
> 'srv_cfg' and 'cli_cfg'.
> - There is other naming consistency issues that I can fix on a PR. But
> the idea was to be consistent on them ;)
> 
> - The definition 'Commitment' is defined but never used in the document.

The points that you’ve raised above all make sense to me. If you would be interested in submitting an issue/PR for solving them, that would be really useful and I would be happy to review it.

> 
> - On this section:
> """
> * At any one time, we assume that the Server uses only one
> configuration containing their ciphersuite choice along with their
> secret key data.
> * We assume that the client has access to a global directory of the
> current configurations used by all Privacy Pass servers.
> """
> It seems to imply that the client have access to the configuration which
> includes the ciphersuite and server secrets.. Maybe here it will be good
> to clarify that clients only have access to the public part of the
> configuration of servers.
> 
> - The document should probably clarify that it will only refer to
> communication between one server and a client. It should also probably
> state that the handling of different clients and servers is the
> responsibility of the architecture document. I was think maybe a section
> with the limitations/out-of-scope of the draft, and where on the other
> drafts they are addressed.

Both of the above clarifications make sense to me. In particular, specifically laying out the scope of the draft is something that we should definitely do to avoid confusion.

> 
> - The architecture draft states the possibility of the existence of
> malicious servers that can rotate keys in a short time frame. Something
> that maybe also needs to be think about is the possibility of malicious
> servers deleting the storage of valid inputs (used to protect against
> double spending). I don't know how possible this can be, and how to
> protect.. but I was just wondering if it has been thought.

I guess this is a possibility. However, a server should only really maintain the double-spend index for their own security (to prevent clients from spending the same token over and over again). If a server decides to delete this storage, then really they have only harmed themselves. So I’m not sure if we need to cover this point specifically, other than mentioning that the server SHOULD maintain a double-spend index as detailed in the document.

> 
> I can create issues for these points and send some PRs on them, so let
> me know if you agree on them ;)

Sure! Documenting the consistency and clarification points on the GitHub repo would be useful.

Thanks,
Alex

> 
> Thanks!
> 
> 
> 
> -- 
> Sofía Celi
> @claucece
> Cryptographic research and implementation at many places
> FAB9 3EDC 7CDD 1198 DCFD  4558 91BB 6B45 6F44 2D02
> 
> -- 
> Privacy-pass mailing list
> Privacy-pass@ietf.org
> https://www.ietf.org/mailman/listinfo/privacy-pass

v2.23.0 | Report a Bug | By Email