Re: [Privacy-pass] Working group last Call for batched Tokens

Raphael Robert <> Mon, 08 April 2024 18:37 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 4A381C15109A for <>; Mon, 8 Apr 2024 11:37:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -7.095
X-Spam-Status: No, score=-7.095 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id ZDuahDFfwojv for <>; Mon, 8 Apr 2024 11:37:35 -0700 (PDT)
Received: from ( [IPv6:2a00:1450:4864:20::32a]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by (Postfix) with ESMTPS id 71056C151545 for <>; Mon, 8 Apr 2024 11:37:35 -0700 (PDT)
Received: by with SMTP id 5b1f17b1804b1-4165d03308fso15107035e9.2 for <>; Mon, 08 Apr 2024 11:37:35 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=rr; t=1712601453; x=1713206253;; h=references:to:cc:in-reply-to:date:subject:mime-version:message-id :from:from:to:cc:subject:date:message-id:reply-to; bh=+BFG2JROuMHH6ClT9jCknM2Rdsr2J5d/qFRrvdWeUzw=; b=tnqOVCIkryAQ5WgLpOF5y9foDvuItE1YWb5jYCGK5ukKlMt08aAnl2Jdf1Bf2klwDg +gRJgpW/LciHzBfemSMdmAS6OeIR7pRbbuM4gWnW9fdW/AVd9pc010g1JfahNn08HQH4 8nEmBe5z8qtYZWkACQwYTmeXVBnyoqLMd/ca0=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20230601; t=1712601453; x=1713206253; h=references:to:cc:in-reply-to:date:subject:mime-version:message-id :from:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=+BFG2JROuMHH6ClT9jCknM2Rdsr2J5d/qFRrvdWeUzw=; b=NcqMVrDtgXAf4Qw4ALMIrNwhTtEwSpixPDtJGW9O0E4YN7VgmRZLm8LjES56TmYMqX jBZ5R3BAxSboHwd4PHqDOTSOvacyvQDY++gGDv/NEVTZL08I+KZPOwl7GXdD3TW/FkJR dLMKxwKRiBkdSGT2G15mfOJtwVGKzKX4sryrYpT3jXkxpR97b32yJOHH7AeC1fwiwnu+ kGiESf7Wo+Y4ggOeNLIyd4jo7ZqxuZYboYlCREJHhx5yJynB65TDfzYOYFVD/b+EYEdM PwA73ZIiwCctOpLmP8g6CbAxed171R8AGLTPDpji29J8CNegLTVkTUDZ+tj+clgFCCeG 4ADg==
X-Forwarded-Encrypted: i=1; AJvYcCX0esh4SH93ubKecWVJPIxynKhrJy2DYBsksrcD3WK//ufjMum+SZZGbF/hk7uiko9LIbw/+VPPTJ1F4PVU7mBQZ4+SWXQ=
X-Gm-Message-State: AOJu0YwJXqI5biltCA9xGiu8Cne+9yNstRewP7NHlFHr8cK84uf5eKVt ONSrYOEO+LQO56jv2BJSzArzGdLxLolkXkY0sCyrs5EQ4u6zppbPCeEoruPAdKc=
X-Google-Smtp-Source: AGHT+IGGiMo0tH5RkiERgxR/IsWSrVkp3wHhLedc8Tj6gSe99GAkC5CxuzUeHhKk2VWFnt9TEqUP5w==
X-Received: by 2002:a5d:5047:0:b0:343:68c5:a07d with SMTP id h7-20020a5d5047000000b0034368c5a07dmr8646113wrt.61.1712601452946; Mon, 08 Apr 2024 11:37:32 -0700 (PDT)
Received: from ([2a02:8109:9f19:7000:45a6:a892:1d9e:3136]) by with ESMTPSA id hg21-20020a1709072cd500b00a4e0df9e793sm4725380ejc.136.2024. (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Mon, 08 Apr 2024 11:37:32 -0700 (PDT)
From: Raphael Robert <>
Message-Id: <>
Content-Type: multipart/alternative; boundary="Apple-Mail=_6C5A678C-17F9-4CAA-8650-1E2308BB6D53"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3774.500.171.1.1\))
Date: Mon, 08 Apr 2024 20:37:21 +0200
In-Reply-To: <>
Cc: Joseph Salowey <>, Steven Valdez <>, Christopher Wood <>,
To: Tommy Pauly <>
References: <> <> <> <> <>
X-Mailer: Apple Mail (2.3774.500.171.1.1)
Archived-At: <>
Subject: Re: [Privacy-pass] Working group last Call for batched Tokens
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Privacy Pass Protocol <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 08 Apr 2024 18:37:40 -0000

Thanks for the issue, I’ll take a look.

Regarding the question of the redemption being the same – I think that’s only true for the P-384 batched tokens, but not the ristretto255 variant. 

I will cut a new draft shortly once I looked at the issue, sorry for being slow here.



> On 8. Apr 2024, at 17:36, 'Tommy Pauly' via ietf <> wrote:
> Also chiming in for a review — I just read through the draft and it looks good to me. I didn’t see any particular flaws that I would say need addressing before publication. I filed one very minor editorial issue
> I did have one overall question about our approach to token types and batching: this new batched VOPRF allocates a new token type, although my understanding is that the redemption step doesn’t necessarily need to know anything about it being batched in order to validate the token. To what degree do we want changes to the issuance that don’t impact the nature of the token upon redemption to be reflected in the token type vs some other difference in the request (such as media type, etc, etc)? Is there a security reason that the redeemer needs to know?
> Tommy
>> On Apr 7, 2024, at 9:02 PM, Joseph Salowey <> wrote:
>> RIght now we only have one response to the last call which is not enough to call consensus on.   It would be good to have a draft that is not expired, but I also think before we can continue a consensus call we need a draft with all the outstanding changes as well.  
>> Thanks,
>> Joe
>> On Wed, Mar 20, 2024 at 3:37 AM Raphael Robert < <>> wrote:
>>> As soon as that issue is resolved I’ll make one more editorial pass before I cut a new draft. I’ll announce it here.
>>> Raphael
>>>> On 20. Mar 2024, at 06:23, Steven Valdez < <>> wrote:
>>>> I think this draft looks mostly good and I support it going to the IESG. There is one outstanding issue #6 <> (I submitted and forgot to follow up on) regarding adding the VOPRF variant as a defined type since we're relying on that variant for PST. I can try to get a PR for that submitted, though not sure what the ordering between the draft being expired, the WGLC and cutting a new draft should look like?
>>>> -Steven
>>>> On Mon, Mar 11, 2024 at 2:47 PM Joseph Salowey < <>> wrote:
>>>>> This is the working group last call for Batched Token Issuance Protocol (  Please review the document and indicate if it is ready to forward to the IESG by posting comments to this thread.  The internet draft is about to expire but should still be accessible.  Please send your comments by March 26, 2024.  
>>>>> Thanks,
>>>>> Joe and Ben
>>>>> -- 
>>>>> Privacy-pass mailing list
>>>>> <>
>>>> --
>>>>  Steven Valdez |	 Chrome Privacy Sandbox | <> |	 Cambridge, MA
>>>> -- 
>>>> Privacy-pass mailing list
>>>> <>
>> -- 
>> Privacy-pass mailing list