[Privacy-pass] privacypass virtual BoF follow-up
Alex Davidson <adavidson@cloudflare.com> Thu, 02 April 2020 10:16 UTC
Return-Path: <adavidson@cloudflare.com>
X-Original-To: privacy-pass@ietfa.amsl.com
Delivered-To: privacy-pass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 870F53A0F18 for <privacy-pass@ietfa.amsl.com>; Thu, 2 Apr 2020 03:16:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, WEIRD_PORT=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cloudflare.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id N3yGO2EJ5LH3 for <privacy-pass@ietfa.amsl.com>; Thu, 2 Apr 2020 03:16:53 -0700 (PDT)
Received: from mail-wm1-x330.google.com (mail-wm1-x330.google.com [IPv6:2a00:1450:4864:20::330]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 79DAE3A0F1A for <privacy-pass@ietf.org>; Thu, 2 Apr 2020 03:16:53 -0700 (PDT)
Received: by mail-wm1-x330.google.com with SMTP id c195so5625485wme.1 for <privacy-pass@ietf.org>; Thu, 02 Apr 2020 03:16:53 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cloudflare.com; s=google; h=from:mime-version:subject:message-id:date:cc:to; bh=O9EW/fd8TJogEurWZroq0Ja1QXj7jYv203FJi6729s8=; b=jcNLHG2gzEGKZTz92emPcjlYsSd3Nyf9cMkTJ0+MtjUjsl1/NvcwCxT40Sz4elNw+D caPeGcCAbSiHXg/DlEa39dVJTAEkxySf07XdqEwdBf/TRtZX1LSk9S2mpnVghgbmo6iF iHGiUJTh3d86trX+JBE4fsyv01/xuLr2+Q/yo=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:mime-version:subject:message-id:date:cc:to; bh=O9EW/fd8TJogEurWZroq0Ja1QXj7jYv203FJi6729s8=; b=bifRxOggSzSrxIGEg2LmOazFKEk3cmYp1aVl0RxeG3OOwrPUgYIU0p+QpiTRg3iLgI h+RvpP0MO6EY+oAJDnHS3fCAkZAqBS/G9pTQ/kwU3nMzqkoOGmiDEPmlId1Y0Q0irBsg D12ljMh4dX/K9bVl8IKh+Z0Dqe3xLSQgDm8gvLfDW5+dCRQ6I0CT9qJQ9vhIVRji0Q7A 0YtsTbKHs9WhZ+VzgkJEPqOShwmn1tIjZz1Yt9oM3YZyXZAz29TGdI59GrNRh5fD9tBJ avGwpKp164sxth3H8YRgG8fcSK4XoELQPaoMsNcW6+Nh4JQfgFfnvIx0YzbF2QcQxZ7r LQFg==
X-Gm-Message-State: AGi0PuZQ+YguMIkLEL7OYxKX83lXTB1wPkyhlCbvp9BMDBrvpGsNNdjk nnFaYNK5+b62h9lf1/+VD2dLwEMssM8=
X-Google-Smtp-Source: APiQypJOYfcwYzb6jOkaiAGLmTa+izafbpGiq3EgekLssw/Ut/Jno4GSZCb1fjiqdDxN6gO4kY2zsA==
X-Received: by 2002:a1c:bad5:: with SMTP id k204mr2703823wmf.162.1585822611129; Thu, 02 Apr 2020 03:16:51 -0700 (PDT)
Received: from ?IPv6:2001:8a0:7ac8:f600:bc72:cb12:a075:9601? ([2001:8a0:7ac8:f600:bc72:cb12:a075:9601]) by smtp.gmail.com with ESMTPSA id f20sm6228320wmc.35.2020.04.02.03.16.50 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 02 Apr 2020 03:16:50 -0700 (PDT)
From: Alex Davidson <adavidson@cloudflare.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_AD4A58AD-B57B-4336-A87C-D2BDF6CC666E"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\))
Message-Id: <2E4FE8FF-6CB0-4092-A482-A3C5F9284103@cloudflare.com>
Date: Thu, 02 Apr 2020 11:16:49 +0100
Cc: privacypass-chairs@ietf.org
To: privacy-pass@ietf.org
X-Mailer: Apple Mail (2.3445.104.11)
Archived-At: <https://mailarchive.ietf.org/arch/msg/privacy-pass/ZIw7B5bvseAXsahqe8BPC9oVkSM>
Subject: [Privacy-pass] privacypass virtual BoF follow-up
X-BeenThere: privacy-pass@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <privacy-pass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/privacy-pass>, <mailto:privacy-pass-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/privacy-pass/>
List-Post: <mailto:privacy-pass@ietf.org>
List-Help: <mailto:privacy-pass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/privacy-pass>, <mailto:privacy-pass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 02 Apr 2020 10:16:56 -0000
Hi all, Firstly, thanks to all of you that participated in the virtual BoF last week. I thought the discussion was really valuable and will provide us a great base to rework the charter, and then hopefully work towards forming a WG. Thanks also to all those that registered interest in supporting the process of writing, editing and reviewing etc. Following on from the meeting, I have been over the minutes [1] and the conversations that occurred in the corresponding jabber session [2]. I just wanted to highlight below some of the key questions/pieces of feedback that were raised during the meeting to enable further discussion on these points. # General questions & feedback on problem & use-cases: - It was mentioned a few times that there is *some* similarity with the problem that is being solved by the RATS working working group [3]. Though, the privacypass WG would specifically target the application-layer and with a focus on preserving client unlinkability. - The notion of token transferability is not really covered in the current charter/documentation, but it is currently inherent with in the protocol design that we have. We should at least add a discussion on how this fits into the problem space, and potentially whether we also need additional protection mechanisms. - Double-spend protection is currently a listed requirement in the architecture document, but there may be applications that would prefer that this is relaxed. - More discussion in the documents on what constitutes valid metadata for each issued token. Also note differences between public/private metadata from the client perspective. - More thought and discussion needs to be put into the possibility of issuer consolidation/centralization, and how it should be avoided. # General feedback on draft charter: - We need a more concrete description of the problem statement - Who are the intended issuers & redeemers? - Which parties make up an ecosystem? - What do the parties expect from each other? - Better terminology, replace "trust attestation" with something more accurate. - Establish the context that we are scoping for throughout the charter (e.g. application-layer, web-context). - State explicit requirements of tokens with definitions, for example: - Unlinkability with respect to notion of anonymity set. - Unforgeability of tokens. - Client mechanism for verifying that Issuer is using a committed key. - Potentially add some initial questions that should be answered before we discuss the core deliverables of the WG, including: - Token transferability discussion. - What additional data is sent during token issuance and client redemptions? - How clients/consumers determine which issuers they trust, and under conditions they redeem tokens. - Auditing mechanisms for potentially malicious issuer behavior. - What is the potential for centralization, and strategies/WG commitment for mitigating against this. - Is there a different way to structure the core deliverables beyond the three documents that we currently have? I think the points above are things that we can cover by reworking the charter and as discussion points in the documentation. If there is anything that has been missed (or any additional points that have not been surfaced so far), please feel free to raise it. Finally, there were questions (raised by Martin Thomson and others) relating to investigating further how the client & intermediate consumers decide that they trust certain issuers. For example, looking into to the decision-making process under which clients hand over tokens (for example, can client's check the size of their anonymity set?). It also relates to the question of what information the clients trust to be encoded in the information channel. These questions are important to answer in their own right before we proceed with chartering, so I will start a separate thread to start discussion on these points. Thanks, Alex [1]: https://etherpad.ietf.org:9009/p/notes-ietf-107-privacypass <https://etherpad.ietf.org:9009/p/notes-ietf-107-privacypass> [2]: https://www.ietf.org/jabber/logs/privacypass/2020-03-26.html <https://www.ietf.org/jabber/logs/privacypass/2020-03-26.html> [3]: https://datatracker.ietf.org/wg/rats/about/ <https://datatracker.ietf.org/wg/rats/about/>
- [Privacy-pass] privacypass virtual BoF follow-up Alex Davidson