[Privacy-pass] Questions on client trust
Alex Davidson <adavidson@cloudflare.com> Thu, 02 April 2020 10:44 UTC
Return-Path: <adavidson@cloudflare.com>
X-Original-To: privacy-pass@ietfa.amsl.com
Delivered-To: privacy-pass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0F92A3A0F9C for <privacy-pass@ietfa.amsl.com>; Thu, 2 Apr 2020 03:44:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.1
X-Spam-Level:
X-Spam-Status: No, score=-2.1 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cloudflare.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CZew-O7u6Dc3 for <privacy-pass@ietfa.amsl.com>; Thu, 2 Apr 2020 03:44:23 -0700 (PDT)
Received: from mail-wr1-x436.google.com (mail-wr1-x436.google.com [IPv6:2a00:1450:4864:20::436]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7AEEC3A0F99 for <privacy-pass@ietf.org>; Thu, 2 Apr 2020 03:44:23 -0700 (PDT)
Received: by mail-wr1-x436.google.com with SMTP id s8so1446064wrt.7 for <privacy-pass@ietf.org>; Thu, 02 Apr 2020 03:44:23 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cloudflare.com; s=google; h=from:content-transfer-encoding:mime-version:subject:message-id:date :to; bh=legbDers2Gc3oqymy7kGR0jZRXwdKOAtyt+2qVHtKPo=; b=eNdrmOdS+EaTC5fELrcEPBmTkrbOr3Ulysy1xZ8um11R04TFjH8SvpnyWZPyRf1UPb qUl+8fiveYNlrCpaNjUgmjBzd9NtinsA6uyBh+9db1wB8VKHljPbiVI6NyABpEfZHdUa KbLpunxc/vhizdOXLCF7zWNT+S9ujv9mA2aR0=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:content-transfer-encoding:mime-version :subject:message-id:date:to; bh=legbDers2Gc3oqymy7kGR0jZRXwdKOAtyt+2qVHtKPo=; b=N7tMfwF22aec4BFZ8i5no9IHusKXd0JS2G0LcFc4ZSzoHY+C4oagyZH4WaKQkGpQ9v pRpGRWZAXYBiyvf6Hc7F1fEafW4p7yYFqeiFcmNd147kQgFYFtz8xJ4efvCJCz2rmbFd iS1WjwgxutJUn77OarFL802lyXgK1DAhYHmd6UE8uSr/ErQxcJPj9cBSW/bgw9qfXWfT V5q4Xf+iZm/GnXybtSmPuq9yNMmppGR+ENXEOg0DPT3I9hraRk/Aj4FWL1gdTD5o5TRy wy2aAPv4Lov/114NpR9M1GxcHAH2gQD23QnkRtQf4dEweWeg5U+B90j9UVoqI8SLDWfT CI2w==
X-Gm-Message-State: AGi0PuYYqn8OND8DkDTZ6fkmJyJrjXM05NeLnXQf0YStdS6g5GrLEoyu 2mDtmGn8sfIlN66FYaaVJSMdfx9iQCE=
X-Google-Smtp-Source: APiQypI0jV+A+Atv0JJsRTBov4gBc8K7u+fk2ddZzc5z2fWT4PPurmhpGvJnk01PCOd1LiCVbuUHkA==
X-Received: by 2002:a5d:53c8:: with SMTP id a8mr2809436wrw.242.1585824261274; Thu, 02 Apr 2020 03:44:21 -0700 (PDT)
Received: from ?IPv6:2001:8a0:7ac8:f600:bc72:cb12:a075:9601? ([2001:8a0:7ac8:f600:bc72:cb12:a075:9601]) by smtp.gmail.com with ESMTPSA id o67sm6801530wmo.5.2020.04.02.03.44.20 for <privacy-pass@ietf.org> (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 02 Apr 2020 03:44:20 -0700 (PDT)
From: Alex Davidson <adavidson@cloudflare.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\))
Message-Id: <9A77145D-1506-4DC4-ADE2-9C5BD4B2AC86@cloudflare.com>
Date: Thu, 02 Apr 2020 11:44:19 +0100
To: privacy-pass@ietf.org
X-Mailer: Apple Mail (2.3445.104.11)
Archived-At: <https://mailarchive.ietf.org/arch/msg/privacy-pass/Zpup4MxRlMVYZXr2hR0KrSgG0hU>
Subject: [Privacy-pass] Questions on client trust
X-BeenThere: privacy-pass@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <privacy-pass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/privacy-pass>, <mailto:privacy-pass-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/privacy-pass/>
List-Post: <mailto:privacy-pass@ietf.org>
List-Help: <mailto:privacy-pass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/privacy-pass>, <mailto:privacy-pass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 02 Apr 2020 10:44:25 -0000
Hi all, Following on from the previous email. There were some initial questions raised during the BoF that will be important to discuss before we proceed to rework the charter. The most immediate questions are the following: - To what extent should client's trust the issuers when redeeming tokens? - Under what conditions should they accept/redeem tokens? - What information does the client trust the issuer to encode in the tokens? - How does an ecosystem protect itself against issuer consolidation and/or centralization? The first point is not currently covered by the current charter or docs. For example, a helpful measure would be for the client to check the size of the anonymity set that it is part of. Such considerations are required to be made for any client looking to use an anonymity-preserving tool. However, checking such measures appears difficult in the ecosystem that we are looking to construct. There are currently only recommendations in the architecture doc for redeeming tokens to reduce the impact of an issuer being able to target a specific client. I think providing practical mechanisms for allowing clients to make decisions on which issuers to trust is something that we will be able to do (such as specifying client/consumer allow-lists). But, providing the actual measures that the client uses to make these decisions appears (at least to me) to be beyond the scope of what can be achieved with the current design. On the second point of consolidation/centralization, this relates to the open question of how issuers are monitored by the ecosystem. The mechanism that we have for managing issuer key material in the architecture doc introduces a degree of centralization because the configuration registry must be centrally operated. The practical mechanisms used by clients to determine which issuers are trusted may also contribute to this. During Steven's presentation he mentioned some alternatives to this solution, such as fetching key material directly from issuers or from an intermediate proxy. However, both approaches would still need some sort of auditing. This could perhaps be avoided by introducing some sort of decentralization, though it's not immediately clear to me what such a solution would look like? Thanks, Alex
- [Privacy-pass] Questions on client trust Alex Davidson
- Re: [Privacy-pass] Questions on client trust Ben Schwartz
- Re: [Privacy-pass] Questions on client trust Chelsea Komlo
- Re: [Privacy-pass] Questions on client trust Martin Thomson
- Re: [Privacy-pass] Questions on client trust Alex Davidson
- Re: [Privacy-pass] Questions on client trust Alex Davidson
- Re: [Privacy-pass] Questions on client trust Ben Schwartz
- Re: [Privacy-pass] Questions on client trust Eric Rescorla
- Re: [Privacy-pass] Questions on client trust Eli-Shaoul Khedouri
- Re: [Privacy-pass] Questions on client trust Ben Schwartz
- Re: [Privacy-pass] Questions on client trust Chelsea Komlo
- Re: [Privacy-pass] Questions on client trust Chelsea Komlo