[Privacy-pass] "Correctness" in draft-ietf-privacypass-key-consistency-00
Richard Barnes <rlb@ipv.sx> Wed, 29 March 2023 21:40 UTC
Return-Path: <rlb@ipv.sx>
X-Original-To: privacy-pass@ietfa.amsl.com
Delivered-To: privacy-pass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 15A1AC14CF05 for <privacy-pass@ietfa.amsl.com>; Wed, 29 Mar 2023 14:40:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.896
X-Spam-Level:
X-Spam-Status: No, score=-1.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=ipv-sx.20210112.gappssmtp.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aG7khhEtbZzi for <privacy-pass@ietfa.amsl.com>; Wed, 29 Mar 2023 14:40:10 -0700 (PDT)
Received: from mail-wr1-x42a.google.com (mail-wr1-x42a.google.com [IPv6:2a00:1450:4864:20::42a]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 975B7C14CF1E for <privacy-pass@ietf.org>; Wed, 29 Mar 2023 14:40:10 -0700 (PDT)
Received: by mail-wr1-x42a.google.com with SMTP id m2so17144928wrh.6 for <privacy-pass@ietf.org>; Wed, 29 Mar 2023 14:40:10 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipv-sx.20210112.gappssmtp.com; s=20210112; t=1680126008; h=to:subject:message-id:date:from:mime-version:from:to:cc:subject :date:message-id:reply-to; bh=AXZJHR+XPnURjq/NOUTDhNh82isVmF0zJE0a7nSkNEc=; b=KjY1mhNRhzr78sRPF6+K59eoazQNC0fMn0FyFbJrHKZwhy5QzRXM5NBNHqYYVn0KoV JAj3NaeFz43UbNAOXasUZZOX2jQGCl1WAe8dASAmepVbu5Bbh8JiMD/zwdttYU/8Lr04 7NcJfUa/1w3PTlDxZ8JUGKTRqXUF6VfFbw92qzAS/H6jsQjItCU5DoNGlZfJUaAUvZqW kaNivcaBSGSljqw9BYzqGZiXAztUNi381K9o6UGFbcj4a5OCf3fyjINKHZTvr9oBHIDI hgIzuwsSLCuHtcqwRiiEVBanBmYM5luzp5/Ft2gDiFl8j0rjacxxSgQk6moMLRVjwLGe mLRQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; t=1680126008; h=to:subject:message-id:date:from:mime-version:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=AXZJHR+XPnURjq/NOUTDhNh82isVmF0zJE0a7nSkNEc=; b=ALk2Zvo5aspjJCbUPbDgF2YZwiFpzutFaTELsBKo3IsSCyOfetdMSgdD4f7R6fU1gI NKHOiRnCkhBET7Uoh0+mMb8+ED/+Co6PIRpgANT6mUx9XpCkDzxH3bWjdQAf+tp7UHT3 PpPAqWo1s3R5jmLJzgArc0PMTfSaZblsPgydVl1KNLZfOA/aqjVLrSkY/sV0vBJQodgj h+DWRSZes2wwWfPOoFIcshPQY+2ypYZfu6AVgQ2E9VFTN+VE7dw39cS/AXbLtkZPSrgN weJM0sarn193l4TAVbJiQ5dpOvXvcpTvMm+4/rwDGRAR3tUsHnuoHaDQlmMPbgAuqqmm yRlQ==
X-Gm-Message-State: AAQBX9e19XkRLXxRd12FTsMDRh5bApDqQJn0eO90WjUcEaYD1jws4lE1 CeOkjlv5oRlGPKHV43QXgEDowQlnfn+3JhLThk2sLi5pTI3Cf0CcFfNltGgy
X-Google-Smtp-Source: AKy350buB+1jhL5WkNklKWhF3lx8Xj7ri4dwp6UH4sjay8IGs8SyWtO9r7a1ObUykylgPVu/+2+zcfo37gDMWYuLt4M=
X-Received: by 2002:adf:fa50:0:b0:2cf:8393:651d with SMTP id y16-20020adffa50000000b002cf8393651dmr4295291wrr.5.1680126008383; Wed, 29 Mar 2023 14:40:08 -0700 (PDT)
MIME-Version: 1.0
From: Richard Barnes <rlb@ipv.sx>
Date: Wed, 29 Mar 2023 17:39:57 -0400
Message-ID: <CAL02cgRjXsn8GAQ1Wsb2aa_w0AAv3YJcEi=YYEb8oHZfh8dKdw@mail.gmail.com>
To: privacy-pass@ietf.org
Content-Type: multipart/alternative; boundary="000000000000e86c4a05f810d1b8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/privacy-pass/aQ1P-e3h-ScejVz5t_vd1KHlSRk>
Subject: [Privacy-pass] "Correctness" in draft-ietf-privacypass-key-consistency-00
X-BeenThere: privacy-pass@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Privacy Pass Protocol <privacy-pass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/privacy-pass>, <mailto:privacy-pass-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/privacy-pass/>
List-Post: <mailto:privacy-pass@ietf.org>
List-Help: <mailto:privacy-pass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/privacy-pass>, <mailto:privacy-pass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 29 Mar 2023 21:40:11 -0000
Hi all, In prep for Friday's meeting, I took a look at this document. Overall, it seems like a helpful summary of the options. The document goes astray, though in trying to do anything about "correctness": > key correctness is that the key's secret information is controlled by the intended entity and is not known to be available to an external attacker These are not properties that any cryptographic protocol will ever be able to prove, so there's no point to stating it as an objective. As I put it to Chris Wood earlier, it's like saying "This is a protocol for assuring that Chris gives consistent answers and has pure intentions." I get the consistency bits, but you're never going to prove that Chris has pure intentions, so why even mention it? I suspect what the authors are after is a notion more like, "the key the client uses is the one published by the server". But that's more of a standard data origin authentication property, maybe with some notion of freshness. It's about the fidelity of the server's instruction to clients, not what private values the server controls or what an attacker knows. Hope that helps, --Richard
- [Privacy-pass] "Correctness" in draft-ietf-privac… Richard Barnes
- Re: [Privacy-pass] "Correctness" in draft-ietf-pr… Martin Thomson