Re: [Privacy-pass] AD review of draft-ietf-privacypass-protocol-11
Christopher Wood <caw@heapingbits.net> Wed, 16 August 2023 18:33 UTC
Return-Path: <caw@heapingbits.net>
X-Original-To: privacy-pass@ietfa.amsl.com
Delivered-To: privacy-pass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1A173C15198D; Wed, 16 Aug 2023 11:33:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.107
X-Spam-Level:
X-Spam-Status: No, score=-2.107 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=heapingbits.net header.b="MTUb0Z/j"; dkim=pass (2048-bit key) header.d=messagingengine.com header.b="EIgSxjnj"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id U4rhK6Y7EgIL; Wed, 16 Aug 2023 11:33:39 -0700 (PDT)
Received: from out3-smtp.messagingengine.com (out3-smtp.messagingengine.com [66.111.4.27]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 94E32C15EF21; Wed, 16 Aug 2023 11:33:39 -0700 (PDT)
Received: from compute4.internal (compute4.nyi.internal [10.202.2.44]) by mailout.nyi.internal (Postfix) with ESMTP id DCC245C00BC; Wed, 16 Aug 2023 14:33:38 -0400 (EDT)
Received: from mailfrontend1 ([10.202.2.162]) by compute4.internal (MEProxy); Wed, 16 Aug 2023 14:33:38 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=heapingbits.net; h=cc:cc:content-transfer-encoding:content-type:content-type :date:date:from:from:in-reply-to:in-reply-to:message-id :mime-version:references:reply-to:sender:subject:subject:to:to; s=fm1; t=1692210818; x=1692297218; bh=O6t5jvq7eJVNj9lWRMi+rrUrq 3QzwbE5lMnOXiTusbk=; b=MTUb0Z/jEc4PrRnbt/aqOIxAlaQ6wcbIG0XbWMRBC PI3ICXp5KCYKZ/Y+zdm7OkuD3QBO/4BZHODM1KYaHGNMFK3WOApSNOZjb9Nvoktb 23BUrXQCNGZ5o1kJndc43w7R/pmo+ctLmsAG6HpTXh81gpccQn88aDmui2ZBmWul zyWcx4Kdo020H3bRtQIq0VmXUooJ8j5k1Kox/Rxlmpndy61eQXC/ofrbcB+t7AAP sOtzDBiyt96nq+yyl4RdkaR3NuGq1u0jx8urGQyrqYNUiCQTopZ8HJLlCfNTFdaC k+r6OpJ1/vP1BOVY8iw51oQmyEouMIyu0SceeDsKiLY0Q==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:content-type:date:date:feedback-id:feedback-id :from:from:in-reply-to:in-reply-to:message-id:mime-version :references:reply-to:sender:subject:subject:to:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm1; t= 1692210818; x=1692297218; bh=O6t5jvq7eJVNj9lWRMi+rrUrq3QzwbE5lMn OXiTusbk=; b=EIgSxjnjeFvCxo7oy8RvS8Vs5MCTUEZ92PmcPFfluD4dV1UTAKL XcQQbmObe/Yo/WGJ02ihbATfT2OvL7inKzXk9PGmOd+aksh9zVDkNTs8JuaT+EID k9r2fGqTIokdJ/aOWrE2Z1IoZQLNJhrRiFx59YZSrnbY4hFSrmk3/rvJSg7LoM5N P/PBMu7yq99WLz4DmhZgsyrXUU8YG16pmU9ybtDbhlG+NccWvhORdU2wOXwelr6i aNh1/e0Dn7Zk82QRhXj/LW6nTpdLCFFmqSgi1Tpe0xQhi1GAqR3CB/DVk/oy3UNU RP+WC8xIAbIDSvePFDAy/YAfw/FAPxmeaeQ==
X-ME-Sender: <xms:ghbdZG4AgfKMhs1fPo2IkRip_hwXdWcpgVFjxFdYRqXW2qvbWXwbTg> <xme:ghbdZP4erjgOsmB2lbTkxrWuLxQTMQDw1gTdDPPX7-WXRTSbwoWU9xWXjbol-EVp2 5EntqqMLdZjCtTs4wg>
X-ME-Received: <xmr:ghbdZFe-g18SKHwO1wmXNJ_04yHoR3-lr5K2MARstAlP9iJNHnb1W61rg7VIntMRy_dqv1gw__UKknyxSdtQqGxIzSjqY9pvBh7qbG28AugYGX0U>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedviedruddtledguddvjecutefuodetggdotefrod ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfgh necuuegrihhlohhuthemuceftddtnecunecujfgurheptggguffhjgffvefgkfhfvffose htqhhmtdhhtdejnecuhfhrohhmpeevhhhrihhsthhophhhvghrucghohhougcuoegtrgif sehhvggrphhinhhgsghithhsrdhnvghtqeenucggtffrrghtthgvrhhnpeekhfejieehff dvueeuudfftdegfeejkedvhfdvgfdukedujefgvedvtdetvdevveenucffohhmrghinhep ghhithhhuhgsrdgtohhmpdguohhirdhorhhgpdhivghtfhdrohhrghenucevlhhushhtvg hrufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpegtrgifsehhvggrphhinhhg sghithhsrdhnvght
X-ME-Proxy: <xmx:ghbdZDKhMTddzjHfi_X_obSYL7w7fqFX9KWFQNk-NehJ4QvvXuLjWQ> <xmx:ghbdZKJSUElXJ0S7ze2yiXuQCvgM4PqymRy5MXZuaSpP5SYrfRlxQA> <xmx:ghbdZExXr4s3kplPzfHRGwX40Scs6EcJUL1LkKPrnyMNc1leSN2JcA> <xmx:ghbdZMjgFGYiY6YSGvWSAsKIFyUgZszTehHNdmNe_UwzGnjXyu_2CA>
Feedback-ID: i2f494406:Fastmail
Received: by mail.messagingengine.com (Postfix) with ESMTPA; Wed, 16 Aug 2023 14:33:38 -0400 (EDT)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3696.120.41.1.4\))
From: Christopher Wood <caw@heapingbits.net>
In-Reply-To: <CAGL5yWb_uziZ=rB=Aypnv7L9vYPLKX61Ofp+A-SD2joXa51HOw@mail.gmail.com>
Date: Wed, 16 Aug 2023 14:33:38 -0400
Cc: draft-ietf-privacypass-protocol@ietf.org, privacy-pass@ietf.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <7C0E1527-8B7A-4FEB-977E-4D02111439E0@heapingbits.net>
References: <CAGL5yWb_uziZ=rB=Aypnv7L9vYPLKX61Ofp+A-SD2joXa51HOw@mail.gmail.com>
To: Paul Wouters <paul.wouters=40aiven.io@dmarc.ietf.org>
X-Mailer: Apple Mail (2.3696.120.41.1.4)
Archived-At: <https://mailarchive.ietf.org/arch/msg/privacy-pass/isGGULcK2iNEsorI-lOJ5SORaZQ>
Subject: Re: [Privacy-pass] AD review of draft-ietf-privacypass-protocol-11
X-BeenThere: privacy-pass@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Privacy Pass Protocol <privacy-pass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/privacy-pass>, <mailto:privacy-pass-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/privacy-pass/>
List-Post: <mailto:privacy-pass@ietf.org>
List-Help: <mailto:privacy-pass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/privacy-pass>, <mailto:privacy-pass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 16 Aug 2023 18:33:44 -0000
Thanks for the feedback, Paul! I addressed most of it here: https://github.com/ietf-wg-privacypass/base-drafts/pull/435 Please see inline below for responses to comments that were not addressed. > On Aug 15, 2023, at 10:30 PM, Paul Wouters <paul.wouters=40aiven.io@dmarc.ietf.org> wrote: > > Thanks for producing this document. It is a clear read. I have a few minor questions and a few comments to consider for improvement. > > Questions: > > Clients SHOULD NOT use a token key before this timestamp > > Why is this not a MUST NOT ? Because using a stale key does not necessarily mean that issuance will fail. Issuers can certainly hang onto keys well after the expiration. > > Why is token-keys not called issuer-token-list ? Brings it more in line with > issuer-request-uri and deconfuses it from token-key. This way, the top layer > is issuer-* values and the bottom layer is token-* values. Similarly, I would > name not-before token-not-before. > > Since Clients truncate token_key_id in each TokenRequest, > Issuers should ensure that the truncated form of new key IDs do > not collide with other truncated key IDs in rotation. Since this is an editorial suggestion that would be a breaking change for shipping implementations, I think it’s best to leave the names as-is for now. > > So why are the token ids truncated? Why not use the full id ? > > Each key pair SHALL be generated as as specified in FIPS 186-4 > > Can this be rephrased as "SHALL be generated securely, for example as specified in FIPS 186-4". > I find it a bit odd for an IETF document to require a national crypto standard conformance. > Then you can also keep the DSS reference as informative. If the document ends up keeping > this text, it would have to reference DSS normatively. > > The DSS link https://dx.doi.org/10.6028/nist.fips.186-4 throw a warning that it is about to > die and points to an updated reference. Use that instead? > > Comments: > > I find the line breaks for some table items confusing, eg: > > issuera- > request- > uri > > People will wonder if that should read as "issuer-request-uri" or "issuerrequesturi" > There are a number of these in the document (token-key, token-type, ?) I agree, but this is precisely the sort of thing the RPC is equipped to do, so I did not try to resolve this. > > UNIX timestamp - Maybe refer to https://datatracker.ietf.org/doc/html/rfc8877#section-4.2.1 > > > Regular rotation of token keys is recommended to minimize the risk of key compromise. > > You mean minimize the effects of a key compromise ? Or minimize the exposure of compromised keys? > > > The Issuer then tries to deseralize > > Start this sentence on a new line so it becomes clearer this is not part of the just mentioned failure path? > > The Token.nonce value is that which was sampled in > > Can we say "created" instead of "sampled" ? > > Otherwise, if the Issuer is willing to produce a token token to the Client > > There is a stray "token" word in that sentence. > > The document references draft-irtf-cfrg-rsa-blind-signatures-13 but -14 is out. > > The last sentence of the Security Consideration section runs on very long and is very hard to > read. Can this be split in separate sentences? > > The document references draft-ietf-privacypass-auth-scheme-11 but -12 is out. > > In section 8.2, it refers to an IANA registry by pointing to another document instead of just > naming the registry. This indirection is not desirable. Just reference the IANA registry > "Privacy Pass Token Type". > > draft-ietf-privacypass-key-consistency-00 is also an outdated reference, as -01 is available. > > > The Shepherds write up answered the question on "required formal expert review criteria, > such as the MIB Doctor, YANG Doctor, media type, and URI type reviews" as "N/A" but the > document does add a number of media type registrations. I’ll leave this one to chairs to respond to. Best, Chris
- [Privacy-pass] AD review of draft-ietf-privacypas… Paul Wouters
- Re: [Privacy-pass] AD review of draft-ietf-privac… Christopher Wood
- Re: [Privacy-pass] AD review of draft-ietf-privac… Paul Wouters
- Re: [Privacy-pass] AD review of draft-ietf-privac… Christopher Wood
- Re: [Privacy-pass] AD review of draft-ietf-privac… Paul Wouters
- Re: [Privacy-pass] AD review of draft-ietf-privac… Christopher Wood
- Re: [Privacy-pass] AD review of draft-ietf-privac… Paul Wouters
- Re: [Privacy-pass] AD review of draft-ietf-privac… Christopher Wood