Re: [Privacy-pass] Follow-up: Privacy Pass RWC meeting
Alex Davidson <adavidson@cloudflare.com> Tue, 21 January 2020 12:32 UTC
Return-Path: <adavidson@cloudflare.com>
X-Original-To: privacy-pass@ietfa.amsl.com
Delivered-To: privacy-pass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C6178120111 for <privacy-pass@ietfa.amsl.com>; Tue, 21 Jan 2020 04:32:34 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cloudflare.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NF-TSn2gCumP for <privacy-pass@ietfa.amsl.com>; Tue, 21 Jan 2020 04:32:29 -0800 (PST)
Received: from mail-wr1-x42f.google.com (mail-wr1-x42f.google.com [IPv6:2a00:1450:4864:20::42f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id ED168120100 for <privacy-pass@ietf.org>; Tue, 21 Jan 2020 04:32:28 -0800 (PST)
Received: by mail-wr1-x42f.google.com with SMTP id t2so3028027wrr.1 for <privacy-pass@ietf.org>; Tue, 21 Jan 2020 04:32:28 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cloudflare.com; s=google; h=from:mime-version:subject:date:references:to:in-reply-to:message-id; bh=QFEvTXrSAQy+gSThvUra7xc++RI16rPlUNcov3mnwnA=; b=nXKGBiH8JF0vJmjK++iijinH8pLbvDjHe9NBMLHHvwrIOA+oF6/wQTx+yX5NxRi1W7 Y+DRyqkdjuZ62IDg/rwyh1rrwGZ1v8mRGC/QzdLn1Frhzd/3W/h6by6gMi012gp0vmI/ KbdloC3VVvgPK/ixb/DeaWtdfwaw2E1pv4OiQ=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:mime-version:subject:date:references:to :in-reply-to:message-id; bh=QFEvTXrSAQy+gSThvUra7xc++RI16rPlUNcov3mnwnA=; b=LEfAuKxX+hQhS6KwJDajCh/QAxYnEgwvewbgq5UVG5vsbavJj+/HU6SAQzbfHdYsZY xgntMZ6W7zVmMsqQFOAhAMIiyv4F6JMLyLMLF15EiPqBi0nUGE5OlkxA+8IbtvAC47C0 gda9o0jbSwAZQVA2LwPtZkL3mGOogALE1ZnD0NoIewNFOlgUTLS0s5Pvz+dwwEy2frr5 OvUnTmgJthAPxU+0Rg808SyGmuphbROV1FF7cGZ/6Qcfe2gTy4D16ddRHOf1B06hah5P +nTmWJN3FArkBVCKcWhdJLNK7NfVXAcK51uWk6CCtvoIpCIRxZ81PKsGGD+MVEUY4wQB wHDA==
X-Gm-Message-State: APjAAAX/V/Hm/PxmZzF2aMJXLeYMhGMAuwDjrMrdNxWfHjABXDa99Nzt eSfwEcwzhEg/6NYQjnOnh0wgA0Eh1G5vHA==
X-Google-Smtp-Source: APXvYqwAg6ol56ISS7Nu5sjjQ5rBYJ+n68Fi/8aW2IOMR4O7mY6OFN1ZQAE/Fv29GFfPsyWE6/FOJw==
X-Received: by 2002:a05:6000:1187:: with SMTP id g7mr5020488wrx.109.1579609946922; Tue, 21 Jan 2020 04:32:26 -0800 (PST)
Received: from c02wq34chtdd.localdomain ([88.157.168.82]) by smtp.gmail.com with ESMTPSA id s8sm50869672wrt.57.2020.01.21.04.32.25 for <privacy-pass@ietf.org> (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 21 Jan 2020 04:32:26 -0800 (PST)
From: Alex Davidson <adavidson@cloudflare.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_2BACEA8B-189B-4446-A531-3D20D7005DD7"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\))
Date: Tue, 21 Jan 2020 12:32:24 +0000
References: <691C5715-E1F7-4A97-A6A8-D3983733E51E@cloudflare.com>
To: privacy-pass@ietf.org
In-Reply-To: <691C5715-E1F7-4A97-A6A8-D3983733E51E@cloudflare.com>
Message-Id: <AE5688D5-AA80-4A23-8624-53B627FAD7AB@cloudflare.com>
X-Mailer: Apple Mail (2.3445.104.11)
Archived-At: <https://mailarchive.ietf.org/arch/msg/privacy-pass/X3pUY3Lb10pUwKUX-mIh50YssuA>
Subject: Re: [Privacy-pass] Follow-up: Privacy Pass RWC meeting
X-BeenThere: privacy-pass@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <privacy-pass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/privacy-pass>, <mailto:privacy-pass-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/privacy-pass/>
List-Post: <mailto:privacy-pass@ietf.org>
List-Help: <mailto:privacy-pass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/privacy-pass>, <mailto:privacy-pass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 21 Jan 2020 12:32:38 -0000
Hi all, Just wanted to follow up on accumulating feedback for the charter again. It’s important that we agree on this since it is necessary to have before we can proceed with organising a BoF meeting @ the IETF. Let us know if you have any comments on what is currently written. I’m going to move the discussion surrounding the previous agenda items and the next steps for the BoF process to separate threads. Cheers, Alex > On 10 Jan 2020, at 17:26, Alex Davidson <adavidson@cloudflare.com> wrote: > > Hi all, > > Thanks to everyone who managed to attend yesterday and contribute to the interesting discussion! We did not quite manage to finish walking through the draft charter and there were also some agenda items that we did not manage to discuss. > > With this in mind, perhaps a good way to move forward would be the following: > > - I have attached the current iteration of the charter to this email and I have also created a GitHub repository containing it at https://github.com/alxdavids/privacy-pass-wg-charter <https://github.com/alxdavids/privacy-pass-wg-charter>. We can iterate on the charter on list, or using PRs & issues in the GitHub repo. > - We arrange another side-meeting (probably virtual) between now and the time of IETF 107 (21-27 Mar, Vancouver) to discuss the rest of the agenda, which is: > - Next steps for the BoF process and IETF107 > - Discussion of use-cases > - Agreement on protocol extensions > - If anyone would like to raise anything separately then we can discuss it on this list. > > If we go ahead with the side-meeting, we should aim to have something close to a stable charter. This would allow us to focus on how to move the BoF process forward. > > Best, > Alex > > Note: I’ve cleaned up the draft a bit based on the notes that were made during the meeting. > > ==== BEGIN CHARTER ==== > > The Privacy Pass protocol was first proposed in November 2017 as a performant mechanism for providing privacy-preserving attestation of a previous successful authorization between a human and a server. > > The primary purpose of the Privacy Pass working group is to develop and standardize the protocol, influenced by applications that have arisen from the wider community. The main requirements of the working group are to develop a protocol that satisfies the following properties: > > Issued tokens are unlinkable with other tokens corresponding to the same anonymity set. > Tokens are unforgeable. > The issuance and verification mechanisms are practically efficient. > > The aims of the working group can be split into three distinct goals that we describe below. > > 1) Develop the specification of the generic protocol: > > Specify the full cryptographic authorization exchange and terminology along with suitable ciphersuites (and security parametrizations) for maintaining security for a meaningful time period. > The negotiation of ciphersuites is determined by the application-specific profile and out-of-scope for this protocol. > Describe the structure of protocol messages. > Describe a framework for extensions to the base protocol for achieving additional functionality, or for providing different security guarantees. > > 2) Develop the wider architecture for running the protocol > Construct interfaces that make the protocol suitable for integration with potential use-cases. > Including required functions for applications > Document potential applications of the protocol and of its official extensions > Define the privacy goals for each client during the exchange, along with expectations placed on the server and the ecosystem at large. > Analyse mechanisms for tracking via public key and expectations placed on server. > Privacy considerations of incentives for not verifying messages correctly (along with general threat model). > > 3) Develop document for Privacy Pass in HTTP? > Specify a common understanding of how Privacy Pass data is integrated with HTTP requests and responses for web-based applications. > Specify where key material stored, how it’s accessed, and associated security considerations > > > Each goal listed above will be fulfilled with an individual document that addresses the necessary conditions. Once these documents are completed, this working group will have concretized a standardized architecture for constructing instances of the protocol. As a consequence, this will enable an ecosystem of applications that depend on the authorization framework provided by Privacy Pass. > > In particular, by the time that the working group achieves consensus around these documents, we hope to have a number of interoperable implementations, a clear analysis of the security and privacy considerations, and a diverse ecosystem of concrete applications. > > Note that the specifications developed by this working group will be informed by draft-irtf-cfrg-voprf <https://datatracker.ietf.org/doc/draft-irtf-cfrg-voprf/> which is currently owned by the Crypto Forum Research Group (CFRG@IRTF). In addition, draft-privacy-pass <https://datatracker.ietf.org/doc/draft-privacy-pass/> will serve as a starting point for the work of the working group. > > ==== END CHARTER ==== > >
- [Privacy-pass] Follow-up: Privacy Pass RWC meeting Alex Davidson
- Re: [Privacy-pass] Follow-up: Privacy Pass RWC me… Alex Davidson
- Re: [Privacy-pass] Follow-up: Privacy Pass RWC me… Steven Valdez