IETF Logo Mail Archive

Re: [Privacy-pass] New drafts for IETF107

Alex Davidson <adavidson@cloudflare.com> Mon, 02 March 2020 11:57 UTC

Return-Path: <adavidson@cloudflare.com>
X-Original-To: privacy-pass@ietfa.amsl.com
Delivered-To: privacy-pass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 217B43A096E for <privacy-pass@ietfa.amsl.com>; Mon, 2 Mar 2020 03:57:33 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cloudflare.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0NN3xHVq-SKk for <privacy-pass@ietfa.amsl.com>; Mon, 2 Mar 2020 03:57:30 -0800 (PST)
Received: from mail-ed1-x543.google.com (mail-ed1-x543.google.com [IPv6:2a00:1450:4864:20::543]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E1B963A096B for <privacy-pass@ietf.org>; Mon, 2 Mar 2020 03:57:29 -0800 (PST)
Received: by mail-ed1-x543.google.com with SMTP id m13so12966812edb.6 for <privacy-pass@ietf.org>; Mon, 02 Mar 2020 03:57:29 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cloudflare.com; s=google; h=from:message-id:mime-version:subject:date:in-reply-to:cc:to :references; bh=7W0g/lR1GWe3bQaBWr7X5ndAcOlfBKYoJxIvgTvPQoo=; b=yHUE49n05jKbCmEXmgtO/FLai2SQLSWk1j3rPjgOpcWaoinsYmneNmH5QWHXJSQAGU p1BwIydSYg26Ez94jhA1882gOeznfALh53ukltzr1NElSJ1sqpfNTveku51G6JGFne8Q hUNAkZpXtZR7uzB9rsGZu5a1V4p737bV5zy6I=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:message-id:mime-version:subject:date :in-reply-to:cc:to:references; bh=7W0g/lR1GWe3bQaBWr7X5ndAcOlfBKYoJxIvgTvPQoo=; b=UhDgukVEpa1qoA5L6LHig/270JhXQOxQ2BOLyEuhyCWQ11BB99lK7YtOCVeISAecos jAzk6c54Pd2NXVfRlPc4KDgMXVcRXERr4l3IE85XvX/yse2fDCbVcDSF+/ccz9kijGEU MCdus2OPkP8czKnxoxNx03kn6BaOLpeiAPScS+GwiWkGH/Ep9xXyBHl1dAxQgj7yFc+r le0r9tCkVfBRTR24rGA3qJ2BWiksO/CZNo+CpeDCmUG0hgc3HrTxlOXapN8shwc5GQi6 YWKwrIKIYdncxnI+M1yFdd7uXP7rfsZMM27+5ZghQ0NVr2nxMe/8n1ETe1pfniIr/xGB 6g8A==
X-Gm-Message-State: APjAAAXzJUB2nzdRyHJkzzK8uNjuohoskiAmga2PUUcVvwAENlGp/rSb +tzW06d+1iv8PBDFeR9N0BSDpQ==
X-Google-Smtp-Source: APXvYqyF9U4Uiz1exCQjXkFk1QEcD1hO0TuiEDTiAenC9R9ErWJ0Ix175h5Oeqy2gkY/Hi6+hNHLEg==
X-Received: by 2002:a05:6402:12d2:: with SMTP id k18mr16121641edx.253.1583150248282; Mon, 02 Mar 2020 03:57:28 -0800 (PST)
Received: from [192.168.12.247] ([85.88.130.222]) by smtp.gmail.com with ESMTPSA id g20sm279646edp.69.2020.03.02.03.57.26 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 02 Mar 2020 03:57:27 -0800 (PST)
From: Alex Davidson <adavidson@cloudflare.com>
Message-Id: <8FBF8C9F-6B9A-4D9D-AF92-0912BCD7A955@cloudflare.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_94FFBAC2-D1C3-42BD-9902-AB49E1AAE899"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\))
Date: Mon, 02 Mar 2020 11:57:25 +0000
In-Reply-To: <CANduzxDAKjQion4sUxquu7OHZDbv+PO9+oRRnBYaoAkOrXCicw@mail.gmail.com>
Cc: privacy-pass@ietf.org
To: Steven Valdez <svaldez=40google.com@dmarc.ietf.org>
References: <62860787-70C2-4B39-BC6B-B0A83DDCD824@cloudflare.com> <CANduzxDCEi3izVM49EmTwyLf=LNpO1dTPqb6JmO7zxaHPTCaTg@mail.gmail.com> <1F946C3A-D194-435E-9A0F-2388C70324C3@cloudflare.com> <38505538-5FC5-4496-BD80-760C6071BD01@cloudflare.com> <0E23922F-9E2A-4192-B4CA-E8462CC672A2@cloudflare.com> <CANduzxDAKjQion4sUxquu7OHZDbv+PO9+oRRnBYaoAkOrXCicw@mail.gmail.com>
X-Mailer: Apple Mail (2.3445.104.11)
Archived-At: <https://mailarchive.ietf.org/arch/msg/privacy-pass/iqEYlNtoO8v4JvYsOqX5T9WIJW0>
Subject: Re: [Privacy-pass] New drafts for IETF107
X-BeenThere: privacy-pass@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <privacy-pass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/privacy-pass>, <mailto:privacy-pass-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/privacy-pass/>
List-Post: <mailto:privacy-pass@ietf.org>
List-Help: <mailto:privacy-pass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/privacy-pass>, <mailto:privacy-pass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 02 Mar 2020 11:57:33 -0000

Hi Steven,

Thanks for the feedback.

> On 26 Feb 2020, at 15:22, Steven Valdez <svaldez=40google.com@dmarc.ietf.org> wrote:
> 
> Some initial comments from trying to write the API doc against the architecture doc:
> 
> - Having config_id and version seems like an odd set of names. config_id appears to just be the ciphersuite being used in the protocol, and version is the ID of the current set of key commitments.

You’re right, perhaps ciphersuite and commitment_id would be better?

> - The supports field seems like it would always contain issue and redeem, is there a use case where an set of keys would only ever be used for one or the other?

This is true, I was mainly leaving this open in case there were extensions that split the server functionality. For example, if we go down the public verifiability route, then it would be conceivable that only “redeem” would be supported?

> - The revoked scheme seems a bit weird (modifying previous keysets after the fact) and makes it hard to integrate with something like an append-only log. Wouldn't it be easier to just use to have a set of fields at the top level (under server_id) that list which keys are allowed to issue (always the newest key) and redeem (the current and previous keys).

I agree with this change, I’ll adopt this in a new version of the draft.

>  
> 
> On Fri, Feb 21, 2020 at 12:15 PM Alex Davidson <adavidson=40cloudflare.com@dmarc.ietf.org <mailto:40cloudflare.com@dmarc.ietf.org>> wrote:
> I’ve now pushed a WIP draft for the architecture document (draft-davidson-pp-architecture) to the same repo (https://github.com/alxdavids/privacy-pass-ietf/tree/master/drafts <https://github.com/alxdavids/privacy-pass-ietf/tree/master/drafts>).. There are a lot of TODOs still to address and I’m away for the next week, but I’m going to pick it back up when I return. Still aiming to have something submitted by the IETF 107 draft deadline on 9 March.
> 
> The pp-protocol document is not currently very prescriptive about the data formats of each of the types that are sent in protocol messages etc. This is something that I am going to start addressing and, ideally, I’m going to rewrite to be consistent with the TLS presentation language [RFC8446 <https://tools.ietf.org/html/rfc8446>] for compiling everything into standard formats (as it is also done in MLS, https://tools.ietf.org/html/draft-ietf-mls-protocol-08 <https://tools.ietf.org/html/draft-ietf-mls-protocol-08>).
> 
> Both drafts are still at a very early stage and so all feedback and contributions are very welcome (either here on the mailing list, or as GitHub issues/PRs are fine).
> 
> Alex
> 
>> On 12 Feb 2020, at 17:35, Alex Davidson <adavidson@cloudflare.com <mailto:adavidson@cloudflare.com>> wrote:
>> 
>> Hi all,
>> 
>> I’ve taken an initial stab at a draft for the generic protocol overview at https://github.com/alxdavids/privacy-pass-ietf/blob/master/drafts/draft-davidson-pp-protocol/ <https://github.com/alxdavids/privacy-pass-ietf/blob/master/drafts/draft-davidson-pp-protocol/>. I refactored out most of the stuff from the existing draft-privacy-pass doc. The biggest change is that I decided to go with a wrapper API around the VOPRF API for constructing the protocol. I then provide a specific implementation of this API using the VOPRF protocol. I think this will help when devising extensions to the protocol as it will enable others to either: modify the VOPRF API that is used, or to just modify the way that the PP API is implemented altogether (in situations that may not use VOPRFs, such as in the case of public verifiability).
>> 
>> Some other things/questions to consider:
>> 
>> - I avoided any of the discussions around the architecture required for maintaining client privacy, this includes how key rotation works. I decided that these considerations are beyond the scope of the generic protocol description, but happy to hear contrasting opinions?
>> - The extension policy could probably do with some work. Since the privacy considerations will be in a separate document, currently I am assuming that any proposed extension satisfies the policies that will exist in each of the core three documents.
>> - Is the proposed API suitable? Are there any concerns for potential extensions using this API?
>> - I had to define some specific functionality for interacting with the groups used in the VOPRF implementation. Perhaps these can be moved to the VOPRF draft? 
>> - The provision of the security guarantees are lifted from https://petsymposium.org/2018/files/papers/issue3/popets-2018-0026.pdf <https://petsymposium.org/2018/files/papers/issue3/popets-2018-0026..pdf> and https://eprint.iacr.org/2020/072.pdf <https://eprint.iacr.org/2020/072.pdf> on the basis that the API implements the same protocol when using the VOPRF from draft-irtf-cfrg-voprf. This should probably be verified.
>> - There are some minor TODOs that need to be fixed, such as links to non-existent drafts.
>> 
>> I’ll start putting something together for the architecture document.
>> 
>> Cheers,
>> Alex
>> 
>>> On 6 Feb 2020, at 17:41, Alex Davidson <adavidson@cloudflare.com <mailto:adavidson@cloudflare.com>> wrote:
>>> 
>>> Hi Steven,
>>> 
>>>> On 6 Feb 2020, at 15:22, Steven Valdez <svaldez=40google.com@dmarc.ietf.org <mailto:svaldez=40google.com@dmarc.ietf.org>> wrote:
>>>> 
>>>> Yeah, it makes sense not to wait for the BoF to start iterating on initial docs. Are you planning on putting the split document in a git repo somewhere? Might make sense to set up a repo with all the base drafts in one place as separate files (ala the QUIC WG) so that people can file issues/PRs.
>>> 
>>> This is a good idea. I’ve repurposed the repo where I was hosting the draft charter previously to also include a space for working on the drafts here: https://github.com/alxdavids/privacy-pass-ietf/ <https://github.com/alxdavids/privacy-pass-ietf/>. I’ve placed the original draft-privacy-pass document in the drafts/ folder there, and we can use this space as a single location for contributing to these base drafts. Once a WG is formed, we can move this repo into a specific WG repo.
>>> 
>>>> 
>>>> I can take a stab at making a draft with a generic version of the integrations from the Trust Token API as a starting point for the third draft. I think fully specifying it will be dependent on the first two drafts, but having a starting point to feedback into laying out the earlier protocol/architecture descriptions would likely be useful for further iterating on those drafts.
>>> 
>>> This would be helpful, thanks.
>>> 
>>> Alex
>>> 
>>>> 
>>>> -Steven
>>>> 
>>>> On Thu, Feb 6, 2020 at 7:31 AM Alex Davidson <adavidson=40cloudflare.com@dmarc.ietf.org <mailto:40cloudflare..com@dmarc.ietf.org>> wrote:
>>>> Since there has been no more feedback on the charter that was proposed, I think that it may be useful to start work on drafting the three main documents that make up the protocol specification. Having some initial write-ups before the BoF @ IETF107 will also help to determine the agenda for the meeting if there any initial issues that arise from the writing process.
>>>> 
>>>> These three documents should cover the following:
>>>> 
>>>> - The generic description of the protocol, based on VOPRFs (or similar), including specification of security considerations, protocol messages and a framework for introducing extensions.
>>>> - The wider architecture for running the protocol: public interfaces, key rotation, privacy goals, applications, analysis of tracking potential/incentives for not following protocol.
>>>> - The API: specify how privacy pass data is integrated with HTTP requests/responses, and where key material is stored/how it is accessed.
>>>> 
>>>> Currently there is a single draft document (https://datatracker.ietf.org/doc/draft-privacy-pass/ <https://datatracker.ietf.org/doc/draft-privacy-pass/>) that includes considerations mostly spanning from the first two documents (although it is also includes some key management specifics). I can start to split this document into two parts that could be used to initiate the process of writing the initial drafts covering the first two points.
>>>> 
>>>> The third point is not well specified as of yet, but there are some applications such as the Trust Token API that integrate with HTTP already: https://github.com/WICG/trust-token-api <https://github.com/WICG/trust-token-api>.. Perhaps the third document necessarily needs to succeed the first two? But if anyone would be willing to start working on this document also, then that would be useful.
>>>> 
>>>> Alex
>>>> -- 
>>>> Privacy-pass mailing list
>>>> Privacy-pass@ietf.org <mailto:Privacy-pass@ietf.org>
>>>> https://www.ietf.org/mailman/listinfo/privacy-pass <https://www.ietf.org/mailman/listinfo/privacy-pass>
>>>> 
>>>> 
>>>> -- 
>>>> 
>>>> Steven Valdez |	 Chrome Privacy Sandbox |	 svaldez@google.com <mailto:svaldez@google.com> |	 210-692-4742 <tel:(210)%20692-4742>
>> 
> 
> 
> 
> -- 
> 
> Steven Valdez |	 Chrome Privacy Sandbox |	 svaldez@google.com <mailto:svaldez@google.com> |	 210-692-4742

v2.23.0 | Report a Bug | By Email