IETF Logo Mail Archive

Re: [Privacy-pass] AD review of draft-ietf-privacypass-protocol-11

Christopher Wood <caw@heapingbits.net> Wed, 16 August 2023 18:33 UTC

Return-Path: <caw@heapingbits.net>
X-Original-To: privacy-pass@ietfa.amsl.com
Delivered-To: privacy-pass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1A173C15198D; Wed, 16 Aug 2023 11:33:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.107
X-Spam-Level:
X-Spam-Status: No, score=-2.107 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=heapingbits.net header.b="MTUb0Z/j"; dkim=pass (2048-bit key) header.d=messagingengine.com header.b="EIgSxjnj"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id U4rhK6Y7EgIL; Wed, 16 Aug 2023 11:33:39 -0700 (PDT)
Received: from out3-smtp.messagingengine.com (out3-smtp.messagingengine.com [66.111.4.27]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 94E32C15EF21; Wed, 16 Aug 2023 11:33:39 -0700 (PDT)
Received: from compute4.internal (compute4.nyi.internal [10.202.2.44]) by mailout.nyi.internal (Postfix) with ESMTP id DCC245C00BC; Wed, 16 Aug 2023 14:33:38 -0400 (EDT)
Received: from mailfrontend1 ([10.202.2.162]) by compute4.internal (MEProxy); Wed, 16 Aug 2023 14:33:38 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=heapingbits.net; h=cc:cc:content-transfer-encoding:content-type:content-type :date:date:from:from:in-reply-to:in-reply-to:message-id :mime-version:references:reply-to:sender:subject:subject:to:to; s=fm1; t=1692210818; x=1692297218; bh=O6t5jvq7eJVNj9lWRMi+rrUrq 3QzwbE5lMnOXiTusbk=; b=MTUb0Z/jEc4PrRnbt/aqOIxAlaQ6wcbIG0XbWMRBC PI3ICXp5KCYKZ/Y+zdm7OkuD3QBO/4BZHODM1KYaHGNMFK3WOApSNOZjb9Nvoktb 23BUrXQCNGZ5o1kJndc43w7R/pmo+ctLmsAG6HpTXh81gpccQn88aDmui2ZBmWul zyWcx4Kdo020H3bRtQIq0VmXUooJ8j5k1Kox/Rxlmpndy61eQXC/ofrbcB+t7AAP sOtzDBiyt96nq+yyl4RdkaR3NuGq1u0jx8urGQyrqYNUiCQTopZ8HJLlCfNTFdaC k+r6OpJ1/vP1BOVY8iw51oQmyEouMIyu0SceeDsKiLY0Q==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:content-type:date:date:feedback-id:feedback-id :from:from:in-reply-to:in-reply-to:message-id:mime-version :references:reply-to:sender:subject:subject:to:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm1; t= 1692210818; x=1692297218; bh=O6t5jvq7eJVNj9lWRMi+rrUrq3QzwbE5lMn OXiTusbk=; b=EIgSxjnjeFvCxo7oy8RvS8Vs5MCTUEZ92PmcPFfluD4dV1UTAKL XcQQbmObe/Yo/WGJ02ihbATfT2OvL7inKzXk9PGmOd+aksh9zVDkNTs8JuaT+EID k9r2fGqTIokdJ/aOWrE2Z1IoZQLNJhrRiFx59YZSrnbY4hFSrmk3/rvJSg7LoM5N P/PBMu7yq99WLz4DmhZgsyrXUU8YG16pmU9ybtDbhlG+NccWvhORdU2wOXwelr6i aNh1/e0Dn7Zk82QRhXj/LW6nTpdLCFFmqSgi1Tpe0xQhi1GAqR3CB/DVk/oy3UNU RP+WC8xIAbIDSvePFDAy/YAfw/FAPxmeaeQ==
X-ME-Sender: <xms:ghbdZG4AgfKMhs1fPo2IkRip_hwXdWcpgVFjxFdYRqXW2qvbWXwbTg> <xme:ghbdZP4erjgOsmB2lbTkxrWuLxQTMQDw1gTdDPPX7-WXRTSbwoWU9xWXjbol-EVp2 5EntqqMLdZjCtTs4wg>
X-ME-Received: <xmr:ghbdZFe-g18SKHwO1wmXNJ_04yHoR3-lr5K2MARstAlP9iJNHnb1W61rg7VIntMRy_dqv1gw__UKknyxSdtQqGxIzSjqY9pvBh7qbG28AugYGX0U>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedviedruddtledguddvjecutefuodetggdotefrod ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfgh necuuegrihhlohhuthemuceftddtnecunecujfgurheptggguffhjgffvefgkfhfvffose htqhhmtdhhtdejnecuhfhrohhmpeevhhhrihhsthhophhhvghrucghohhougcuoegtrgif sehhvggrphhinhhgsghithhsrdhnvghtqeenucggtffrrghtthgvrhhnpeekhfejieehff dvueeuudfftdegfeejkedvhfdvgfdukedujefgvedvtdetvdevveenucffohhmrghinhep ghhithhhuhgsrdgtohhmpdguohhirdhorhhgpdhivghtfhdrohhrghenucevlhhushhtvg hrufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpegtrgifsehhvggrphhinhhg sghithhsrdhnvght
X-ME-Proxy: <xmx:ghbdZDKhMTddzjHfi_X_obSYL7w7fqFX9KWFQNk-NehJ4QvvXuLjWQ> <xmx:ghbdZKJSUElXJ0S7ze2yiXuQCvgM4PqymRy5MXZuaSpP5SYrfRlxQA> <xmx:ghbdZExXr4s3kplPzfHRGwX40Scs6EcJUL1LkKPrnyMNc1leSN2JcA> <xmx:ghbdZMjgFGYiY6YSGvWSAsKIFyUgZszTehHNdmNe_UwzGnjXyu_2CA>
Feedback-ID: i2f494406:Fastmail
Received: by mail.messagingengine.com (Postfix) with ESMTPA; Wed, 16 Aug 2023 14:33:38 -0400 (EDT)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3696.120.41.1.4\))
From: Christopher Wood <caw@heapingbits.net>
In-Reply-To: <CAGL5yWb_uziZ=rB=Aypnv7L9vYPLKX61Ofp+A-SD2joXa51HOw@mail.gmail.com>
Date: Wed, 16 Aug 2023 14:33:38 -0400
Cc: draft-ietf-privacypass-protocol@ietf.org, privacy-pass@ietf.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <7C0E1527-8B7A-4FEB-977E-4D02111439E0@heapingbits.net>
References: <CAGL5yWb_uziZ=rB=Aypnv7L9vYPLKX61Ofp+A-SD2joXa51HOw@mail.gmail.com>
To: Paul Wouters <paul.wouters=40aiven.io@dmarc.ietf.org>
X-Mailer: Apple Mail (2.3696.120.41.1.4)
Archived-At: <https://mailarchive.ietf.org/arch/msg/privacy-pass/isGGULcK2iNEsorI-lOJ5SORaZQ>
Subject: Re: [Privacy-pass] AD review of draft-ietf-privacypass-protocol-11
X-BeenThere: privacy-pass@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Privacy Pass Protocol <privacy-pass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/privacy-pass>, <mailto:privacy-pass-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/privacy-pass/>
List-Post: <mailto:privacy-pass@ietf.org>
List-Help: <mailto:privacy-pass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/privacy-pass>, <mailto:privacy-pass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 16 Aug 2023 18:33:44 -0000

Thanks for the feedback, Paul! I addressed most of it here:

   https://github.com/ietf-wg-privacypass/base-drafts/pull/435

Please see inline below for responses to comments that were not addressed.

> On Aug 15, 2023, at 10:30 PM, Paul Wouters <paul.wouters=40aiven.io@dmarc.ietf.org> wrote:
> 
> Thanks for producing this document. It is a clear read. I have a few minor questions and a few comments to consider for improvement.
> 
> Questions:
> 
>         Clients SHOULD NOT use a token key before this timestamp
> 
> Why is this not a MUST NOT ?

Because using a stale key does not necessarily mean that issuance will fail. Issuers can certainly hang onto keys well after the expiration.

> 
> Why is token-keys not called issuer-token-list ? Brings it more in line with
> issuer-request-uri and deconfuses it from token-key. This way, the top layer
> is issuer-* values and the bottom layer is token-* values. Similarly, I would
> name not-before token-not-before.
> 
>         Since Clients truncate token_key_id in each TokenRequest,
>         Issuers should ensure that the truncated form of new key IDs do 
>         not collide with other truncated key IDs in rotation.

Since this is an editorial suggestion that would be a breaking change for shipping implementations, I think it’s best to leave the names as-is for now.

> 
> So why are the token ids truncated? Why not use the full id ?
> 
>         Each key pair SHALL be generated as as specified in FIPS 186-4
> 
> Can this be rephrased as "SHALL be generated securely, for example as specified in FIPS 186-4".
> I find it a bit odd for an IETF document to require a national crypto standard conformance.
> Then you can also keep the DSS reference as informative. If the document ends up keeping
> this text, it would have to reference DSS normatively.
> 
> The DSS link https://dx.doi.org/10.6028/nist.fips.186-4 throw a warning that it is about to
> die and points to an updated reference. Use that instead?
> 
> Comments:
> 
> I find the line breaks for some table items confusing, eg:
> 
>         issuera-
>         request-
>         uri
> 
> People will wonder if that should read as "issuer-request-uri" or "issuerrequesturi"
> There are a number of these in the document (token-key, token-type, ?)

I agree, but this is precisely the sort of thing the RPC is equipped to do, so I did not try to resolve this.

> 
> UNIX timestamp - Maybe refer to https://datatracker.ietf.org/doc/html/rfc8877#section-4.2.1
> 
> 
>         Regular rotation of token keys is recommended to minimize the risk of key compromise.
> 
> You mean minimize the effects of a key compromise ? Or minimize the exposure of compromised keys?
> 
> 
>         The Issuer then tries to deseralize
> 
> Start this sentence on a new line so it becomes clearer this is not part of the just mentioned failure path?
> 
>         The Token.nonce value is that which was sampled in
> 
> Can we say "created" instead of "sampled" ?
> 
>         Otherwise, if the Issuer is willing to produce a token token to the Client
> 
> There is a stray "token" word in that sentence.
> 
> The document references draft-irtf-cfrg-rsa-blind-signatures-13 but -14 is out.
> 
> The last sentence of the Security Consideration section runs on very long and is very hard to
> read. Can this be split in separate sentences?
> 
> The document references  draft-ietf-privacypass-auth-scheme-11  but -12 is out.
> 
> In section 8.2, it refers to an IANA registry by pointing to another document instead of just
> naming the registry. This indirection is not desirable. Just reference the IANA registry
> "Privacy Pass Token Type".
> 
> draft-ietf-privacypass-key-consistency-00 is also an outdated reference, as -01 is available.
> 
> 
> The Shepherds write up answered the question on "required formal expert review criteria,
> such as the MIB Doctor, YANG Doctor, media type, and URI type reviews" as "N/A" but the
> document does add a number of media type registrations.

I’ll leave this one to chairs to respond to.

Best,
Chris

v2.23.0 | Report a Bug | By Email