Re: [Privacy-pass] Searching for simplicity
Tommy Pauly <tpauly@apple.com> Thu, 24 March 2022 20:44 UTC
Return-Path: <tpauly@apple.com>
X-Original-To: privacy-pass@ietfa.amsl.com
Delivered-To: privacy-pass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 33FE13A0A9A; Thu, 24 Mar 2022 13:44:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.107
X-Spam-Level:
X-Spam-Status: No, score=-2.107 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=apple.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id U0z5m1XYN35c; Thu, 24 Mar 2022 13:44:23 -0700 (PDT)
Received: from rn-mailsvcp-ppex-lapp45.apple.com (rn-mailsvcp-ppex-lapp45.rno.apple.com [17.179.253.49]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 917CB3A0A8B; Thu, 24 Mar 2022 13:44:23 -0700 (PDT)
Received: from pps.filterd (rn-mailsvcp-ppex-lapp45.rno.apple.com [127.0.0.1]) by rn-mailsvcp-ppex-lapp45.rno.apple.com (8.16.1.2/8.16.1.2) with SMTP id 22OKZbEV030455; Thu, 24 Mar 2022 13:44:22 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=apple.com; h=content-type : mime-version : subject : from : in-reply-to : date : cc : content-transfer-encoding : message-id : references : to; s=20180706; bh=2brf2saoNL54cB730y9v75dnMDY7LWi4OkRWjr7ysG0=; b=iZiQStECRTs77qpISbE+NXLwPrWxOr1hXjxPdVe6zx2j+loa25H68u6q6B8z0dt6g5iM jCYoYTM6YnPrm7EBTmZ7/Sn3zTo9MhjRcw9Kw5kVR/aJO1emuPL19M7XPPLcz+01FT5y VpYMbC8Fs3+BgR6SckAh44pUDIfkdUEMYpOWi2I9PjHfHMW6gCqjRA+5C6FM17zojc1g SHZUjm2NOhg9Cl5vHm5SeE20gnqHQB8xQJ8qfCAFr0KChURu3yV5ap+J21EMBoCvGGk9 Z0buAQ/IVdRbkroaI+hPu/KkjhLKriefWe30Iw6E/ViB8L2sHUd5BvU3bqnqR292Gi+y ig==
Received: from rn-mailsvcp-mta-lapp02.rno.apple.com (rn-mailsvcp-mta-lapp02.rno.apple.com [10.225.203.150]) by rn-mailsvcp-ppex-lapp45.rno.apple.com with ESMTP id 3ewdfte5bc-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO); Thu, 24 Mar 2022 13:44:22 -0700
Received: from rn-mailsvcp-mmp-lapp03.rno.apple.com (rn-mailsvcp-mmp-lapp03.rno.apple.com [17.179.253.16]) by rn-mailsvcp-mta-lapp02.rno.apple.com (Oracle Communications Messaging Server 8.1.0.16.20220118 64bit (built Jan 18 2022)) with ESMTPS id <0R9900ESFO9YETE0@rn-mailsvcp-mta-lapp02.rno.apple.com>; Thu, 24 Mar 2022 13:44:22 -0700 (PDT)
Received: from process_milters-daemon.rn-mailsvcp-mmp-lapp03.rno.apple.com by rn-mailsvcp-mmp-lapp03.rno.apple.com (Oracle Communications Messaging Server 8.1.0.16.20220118 64bit (built Jan 18 2022)) id <0R9900600NXDBM00@rn-mailsvcp-mmp-lapp03.rno.apple.com>; Thu, 24 Mar 2022 13:44:22 -0700 (PDT)
X-Va-A:
X-Va-T-CD: e72da815dcb01dab2f988f94f1719970
X-Va-E-CD: 9565a5e7a23628a62dad30b414ab0a38
X-Va-R-CD: b30fc3eddc63b15e2e6f3657d56e20d5
X-Va-CD: 0
X-Va-ID: a2c6c209-184d-48c3-98a0-e79189e0d8f4
X-V-A:
X-V-T-CD: e72da815dcb01dab2f988f94f1719970
X-V-E-CD: 9565a5e7a23628a62dad30b414ab0a38
X-V-R-CD: b30fc3eddc63b15e2e6f3657d56e20d5
X-V-CD: 0
X-V-ID: d0fba6e3-2a52-4c08-94b1-0e951c3ac9a1
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.425, 18.0.850 definitions=2022-03-24_07:2022-03-24, 2022-03-24 signatures=0
Received: from smtpclient.apple (unknown [17.234.94.177]) by rn-mailsvcp-mmp-lapp03.rno.apple.com (Oracle Communications Messaging Server 8.1.0.16.20220118 64bit (built Jan 18 2022)) with ESMTPSA id <0R9900NM9O9W5D00@rn-mailsvcp-mmp-lapp03.rno.apple.com>; Thu, 24 Mar 2022 13:44:22 -0700 (PDT)
Content-type: text/plain; charset="utf-8"
MIME-version: 1.0 (Mac OS X Mail 15.0 \(3691.0.3\))
From: Tommy Pauly <tpauly@apple.com>
In-reply-to: <CAHbrMsD8D6Qrt=swviv1uaf2DS5tTU6POJMJRXs=vpncFPmGdA@mail.gmail.com>
Date: Thu, 24 Mar 2022 13:44:20 -0700
Cc: privacy-pass@ietf.org
Content-transfer-encoding: quoted-printable
Message-id: <3AB480F8-6DB7-46E1-9EBB-393D4DAFBEDD@apple.com>
References: <CAHbrMsD8D6Qrt=swviv1uaf2DS5tTU6POJMJRXs=vpncFPmGdA@mail.gmail.com>
To: Ben Schwartz <bemasc=40google.com@dmarc.ietf.org>
X-Mailer: Apple Mail (2.3691.0.3)
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.425, 18.0.850 definitions=2022-03-24_07:2022-03-24, 2022-03-24 signatures=0
Archived-At: <https://mailarchive.ietf.org/arch/msg/privacy-pass/fc2OLoTUQtfQ4D_IKtLzuhYU2WQ>
Subject: Re: [Privacy-pass] Searching for simplicity
X-BeenThere: privacy-pass@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Privacy Pass Protocol <privacy-pass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/privacy-pass>, <mailto:privacy-pass-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/privacy-pass/>
List-Post: <mailto:privacy-pass@ietf.org>
List-Help: <mailto:privacy-pass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/privacy-pass>, <mailto:privacy-pass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 24 Mar 2022 20:44:26 -0000
> On Mar 24, 2022, at 1:34 PM, Ben Schwartz <bemasc=40google.com@dmarc.ietf.org> wrote: > > Hi all, > > Not as chair. > > I found the discussion today of "preventing abusive account creation", and the goal of "ensuring that no single party knows both the stable client ID and the origin name", very helpful to understand the requirements for the rate-limiting proposal. After reviewing the draft, it seems that it has already been simplified substantially (no Schnorr proofs!), so I can certainly believe that this is the simplest instantiation. > Thanks for reviewing/re-reading! The goal was certainly to simplify. > Some questions for the authors: > * Are you assuming that the client enforces some limit on the number of distinct Issuers, as discussed in other Privacy Pass drafts? If any origin operates its own private Issuer, the Attester ends up learning that the user visited that origin, violating the separation goal. Do you intend to prevent this? Yes, a 1:1 relationship between Issuer and Origin would indeed violate the goal of separating information from the Attester. It still doesn’t allow the Attester to know the origin state, but it does tell the Attester more about the origin identity than we’d want. I think we don’t clearly state a requirement that the Client and/or Attester need to collectively check that there are a sufficient number of origins served by each issuer (conversely, that there aren’t too many issuers). As we’re considering Attester deployments, it would be a requirement when onboarding an Issuer to ensure that there is a sufficient set of origins. We can open an issue to add this text. > * The draft notes that "The Origin does not learn which Attester was used by a Client for issuance". Is this a requirement? Would relaxing it allow any simplifications? Does this hold true if there is an Issuer that issues tokens to only one Attester? Chris can correct me if I’m wrong, but I believe this is more of a statement of the properties rather than a strict requirement. You are indeed correct that an Issuer that only ever allowed one Attester would then be able to tell an Origin what Attester was used implicitly. > > I would also appreciate some thought on the post-compromise properties of this system, e.g. describing the downstream implications of a misbehavior of one of these parties. Yes, that’s a great point. There should definitely be discussion of what could be reconstructed if parties logged and leaked data, etc. Best, Tommy > > Thanks, > Ben Schwartz > -- > Privacy-pass mailing list > Privacy-pass@ietf.org > https://www.ietf.org/mailman/listinfo/privacy-pass
- [Privacy-pass] Searching for simplicity Ben Schwartz
- Re: [Privacy-pass] Searching for simplicity Tommy Pauly