IETF Logo Mail Archive

Re: [Privacy-pass] Questions on client trust

Ben Schwartz <bemasc@google.com> Mon, 06 April 2020 18:57 UTC

Return-Path: <bemasc@google.com>
X-Original-To: privacy-pass@ietfa.amsl.com
Delivered-To: privacy-pass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A62143A07AB for <privacy-pass@ietfa.amsl.com>; Mon, 6 Apr 2020 11:57:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -17.599
X-Spam-Level:
X-Spam-Status: No, score=-17.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, ENV_AND_HDR_SPF_MATCH=-0.5, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5, USER_IN_DEF_SPF_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id s1oU_fa5OY9n for <privacy-pass@ietfa.amsl.com>; Mon, 6 Apr 2020 11:57:42 -0700 (PDT)
Received: from mail-wr1-x434.google.com (mail-wr1-x434.google.com [IPv6:2a00:1450:4864:20::434]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B94F73A0813 for <privacy-pass@ietf.org>; Mon, 6 Apr 2020 11:57:31 -0700 (PDT)
Received: by mail-wr1-x434.google.com with SMTP id w15so742173wrv.10 for <privacy-pass@ietf.org>; Mon, 06 Apr 2020 11:57:31 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=K8VJGpiTTip5pjGN8V4vmvgYkK/PIVq+D+pTR3M88+I=; b=fzwRT8CuLz9ghifAddeQpzwC05tJXnFqVwNniNBT8KphhCASLTlpp4UtMJICCUcpVH UlSfgZEnVy8WVglzuJHghIpsTD/HQm6WtKWVSN9ZehyXAfKiRx7I9V5F1N0Z856wL9mW kZzDJJmJkTplEm+U9yDs2JorNFgMleCS2Cm58y0jq5B/X9mrs6VZNEUzIuzlazdnZAxv TeJbI+b7oKkH1oILeAzpc/Xa42RVfRtAfVhM8x8mad4As9J+h62o4lyCVHFB3DFpRF7i c4bofm+d5vQAaYHAAHRwhlldCADQfWhzLrb0lIHwhgb08uzWcFTN8pRzL2RuzfxfNbYk 08NA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=K8VJGpiTTip5pjGN8V4vmvgYkK/PIVq+D+pTR3M88+I=; b=raHVWerOAOto61DjUZHqy87kZCbwhuCQhnlhm6oetuCaImKGjAme5R51R6lrKTCFtn 94WKi28muaClWH0rB1erqGYAMSbenvZAwo21Ltq3ljnAlBk+/Ra1v/fFquq2HBXl9kcL TufUGbtklaiJuem+EocbVCEtjOyoLWfc0Cngr60h5yiIDtwWgQMLI8fK9oENw4t3FAx9 gDx4mXS2paenswfpt8IoAqN0osDw/5e0S09ctVfx43gduYZz00611aJkw4OpZVNj8znG j1gs0VPq6i8Eu7YVzAW6ws5lkmQi9b2pI2R90fswlVshLwUOCZGRcXLux/V65wzT8jak /G9Q==
X-Gm-Message-State: AGi0PuYPBOuiP1HtCgAlAzOaQaEugLE5Ax6UuAGzZUykZWyu+zgvF9RX vCc50l0QBxa0yfew8bxpvCPOqE9iuW5I4e4mzhvq192TdMw=
X-Google-Smtp-Source: APiQypKg7XoPU9jTsvJL+RsnTEB6VNcJVWRmQO095uPYKgRrNGTJxXmItSp1mi74A5Zhnx/x7wNNX2susUGMkjUC3Rc=
X-Received: by 2002:adf:a4c9:: with SMTP id h9mr701940wrb.426.1586199449779; Mon, 06 Apr 2020 11:57:29 -0700 (PDT)
MIME-Version: 1.0
References: <9A77145D-1506-4DC4-ADE2-9C5BD4B2AC86@cloudflare.com>
In-Reply-To: <9A77145D-1506-4DC4-ADE2-9C5BD4B2AC86@cloudflare.com>
From: Ben Schwartz <bemasc@google.com>
Date: Mon, 06 Apr 2020 14:57:16 -0400
Message-ID: <CAHbrMsBfsJ1+ueTZBnsQxXiHQHkGLHG=j+5R8FgeJwt5nooQzw@mail.gmail.com>
To: Alex Davidson <adavidson=40cloudflare.com@dmarc.ietf.org>
Cc: privacy-pass@ietf.org
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha-256"; boundary="000000000000c85e4705a2a3d646"
Archived-At: <https://mailarchive.ietf.org/arch/msg/privacy-pass/h93EAAWhjR1kqUC6cy0LLQwvieo>
Subject: Re: [Privacy-pass] Questions on client trust
X-BeenThere: privacy-pass@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <privacy-pass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/privacy-pass>, <mailto:privacy-pass-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/privacy-pass/>
List-Post: <mailto:privacy-pass@ietf.org>
List-Help: <mailto:privacy-pass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/privacy-pass>, <mailto:privacy-pass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 06 Apr 2020 18:57:45 -0000

On Thu, Apr 2, 2020 at 6:44 AM Alex Davidson <adavidson=
40cloudflare.com@dmarc.ietf.org> wrote:

> Hi all,
>
> Following on from the previous email. There were some initial questions
> raised during the BoF that will be important to discuss before we
> proceed to rework the charter. The most immediate questions are the
> following:
>
> - To what extent should client's trust the issuers when redeeming
> tokens?
>         - Under what conditions should they accept/redeem tokens?
>         - What information does the client trust the issuer to encode in
> the
>         tokens?
> - How does an ecosystem protect itself against issuer consolidation
> and/or centralization?
>

Since we are chartering, not designing, I think it's premature to try to
solve these problems.  At this stage, our goal should be to describe (1)
the problems and (2) the scope of our ambition to address them.

As often seems to be the case, I think we are not really talking about
"more" or "less" consolidation, but rather trading off consolidation
pressure in different elements of the ecosystem.  The charter should
acknowledge that some degree of consolidation pressure may be unavoidable,
but we will do our best to minimize and mitigate it.

The first point is not currently covered by the current charter or docs.
> For example, a helpful measure would be for the client to check the size
> of the anonymity set that it is part of. Such considerations are
> required to be made for any client looking to use an
> anonymity-preserving tool. However, checking such measures appears
> difficult in the ecosystem that we are looking to construct. There are
> currently only recommendations in the architecture doc for redeeming
> tokens to reduce the impact of an issuer being able to target a specific
> client. I think providing practical mechanisms for allowing clients to
> make decisions on which issuers to trust is something that we will be
> able to do (such as specifying client/consumer allow-lists). But,
> providing the actual measures that the client uses to make these
> decisions appears (at least to me) to be beyond the scope of what can be
> achieved with the current design.
>

As several people seem to have noted, if origins ("forwarding verifiers")
could commit globally to a small set of issuers (of which the client
chooses only one), this might allow the client to convince themselves that
offering a token reduces their anonymity by at most some bounded amount.

Alternatively, perhaps a double-blinded exchange could allow the client to
provide a validation token from one of the verifier's trusted issuers,
without enabling the verifier to identify _which_ issuer it was.

On the second point of consolidation/centralization, this relates to the
> open question of how issuers are monitored by the ecosystem. The
> mechanism that we have for managing issuer key material in the
> architecture doc introduces a degree of centralization because the
> configuration registry must be centrally operated.


The unified central registry is not the only concern, perhaps not even the
main one.  I think the greater concern is the architecture draft's noted
restriction that: "allowing no more than 4 issuers at any one time is
highly preferable", which I believe is independent of the method of
auditing.  The reasoning behind this restriction seems sound, but the
resulting limit is unfortunate, and we should look for ways to remove it.

The practical
> mechanisms used by clients to determine which issuers are trusted may
> also contribute to this. During Steven's presentation he mentioned some
> alternatives to this solution, such as fetching key material directly
> from issuers or from an intermediate proxy. However, both approaches
> would still need some sort of auditing. This could perhaps be avoided by
> introducing some sort of decentralization, though it's not immediately
> clear to me what such a solution would look like?
>
> Thanks,
> Alex
>
> --
> Privacy-pass mailing list
> Privacy-pass@ietf.org
> https://www.ietf.org/mailman/listinfo/privacy-pass
>

v2.23.0 | Report a Bug | By Email