IETF Logo Mail Archive

Re: [Privacy-pass] Issuer directory representation (#369)

Christopher Wood <caw@heapingbits.net> Fri, 16 June 2023 23:51 UTC

Return-Path: <caw@heapingbits.net>
X-Original-To: privacy-pass@ietfa.amsl.com
Delivered-To: privacy-pass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 85C01C14CEFF for <privacy-pass@ietfa.amsl.com>; Fri, 16 Jun 2023 16:51:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Level:
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, MIME_HTML_ONLY=0.1, MIME_HTML_ONLY_MULTI=0.001, MIME_QP_LONG_LINE=0.001, MPART_ALT_DIFF=0.79, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=heapingbits.net header.b="XpiM02Z4"; dkim=pass (2048-bit key) header.d=messagingengine.com header.b="JSxNfWZs"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id a9GlRjuG-4fv for <privacy-pass@ietfa.amsl.com>; Fri, 16 Jun 2023 16:51:16 -0700 (PDT)
Received: from out1-smtp.messagingengine.com (out1-smtp.messagingengine.com [66.111.4.25]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BF5A3C14F74E for <privacy-pass@ietf.org>; Fri, 16 Jun 2023 16:51:16 -0700 (PDT)
Received: from compute4.internal (compute4.nyi.internal [10.202.2.44]) by mailout.nyi.internal (Postfix) with ESMTP id 75D675C01DA; Fri, 16 Jun 2023 19:51:13 -0400 (EDT)
Received: from mailfrontend1 ([10.202.2.162]) by compute4.internal (MEProxy); Fri, 16 Jun 2023 19:51:13 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=heapingbits.net; h=cc:cc:content-transfer-encoding:content-type:content-type :date:date:from:from:in-reply-to:in-reply-to:message-id :mime-version:references:reply-to:sender:subject:subject:to:to; s=fm2; t=1686959473; x=1687045873; bh=fClQKwIlmbsdOkEoNgQfklcqj i+qP9pRNdaBHxNw3I4=; b=XpiM02Z4MQIUBoQK9zOXE7Cc7aveZLIt9Mb8snof3 2JggH1dstmG3cQ4I5GOmd0e+l1le3FYzdLGOXbkoBOykkcyiK93GoGPktztHr1Bt n/Bcpn/a1nRiT70BV9USozw+RfxC/F+gJgOSfdJJTrDKHfE3Ojynmp/vJz9KmzG6 kQNjqc4D7wL2dulWlfk9fgS4JOJ0D30hoaTqP0JekJw1E5xLRmZB7CKQkiDVLTn8 a8j+y3/xlN6sowqEWdifYINgsn9rQg8xmQBJ1IwBfVdcWD5snQ4xBPbOSzbceE/v rRZ2LwsfljwQwCKsiS2K8mzGEThRKoGmMcLnZZOmYstJw==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:content-type:date:date:feedback-id:feedback-id :from:from:in-reply-to:in-reply-to:message-id:mime-version :references:reply-to:sender:subject:subject:to:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm2; t= 1686959473; x=1687045873; bh=fClQKwIlmbsdOkEoNgQfklcqji+qP9pRNda BHxNw3I4=; b=JSxNfWZsWNoCDn81qx0NdgZu4S3P2REpuE3xfpOOyPFPU5kMsAo ke6WGIGj8YMTVB/HzfYus0IZznjwGuc1gEuo81/JhDDuEGHhecVcxPo3IQBOgCxG tDrxHzZRdeP98pgY7dPuMmAK/HIcBhaxLQYncfFukij3P20mTT6FRjjKgF5Eof+e EwweYBstiGt3BLWZu7BNZ0iencFtyFAYpSKCvgpjNgtVPytadcFbd6YnYDAnNUjy oH/0sJ3UXEiO6tBJoOnYE75tlyuL6SlZsRODW8RszQwqOFpFUvF77LxziistMlTO lXoSx4+DBcDUfFlLeyauOhYDjeE3Jv9hszQ==
X-ME-Sender: <xms:cfWMZEpcDMU1akKOnzM-7ogy9Wr5lwkiLcNOC0XZkcHmk00NPs9xOw> <xme:cfWMZKrjW4nhCm4K7vKOeCCNmf1bwReq5YYiNmkrlH1dh92dQMoKu8VLBjvYa08xo A5iQq90z46U4hhFmDw>
X-ME-Received: <xmr:cfWMZJMDw04WyFno-0hZRnM4wrGVD4E4EhZKaBMonjel3ck1rxFA3C51tx0GPbbnjECvmBa-WDn3JSo4ppJs9JlrRYde5mu_Kit70XhmUt3xphPnY1tcSg>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvhedrgedvhedgvdekucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne fqnhhlhicuohhnvgcuphgrrhhtucdlhedumdenucfjughrpegtgffhggfufffkfhevjgfv ofesrgejmherhhdtjeenucfhrhhomhepvehhrhhishhtohhphhgvrhcuhghoohguuceotg grfieshhgvrghpihhnghgsihhtshdrnhgvtheqnecuggftrfgrthhtvghrnhepkedtffei fffghfeifeejvedvueeiveekleffjeelheevffeghfefveefleefffegnecuffhomhgrih hnpehivghtfhdrohhrghenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhgr ihhlfhhrohhmpegtrgifsehhvggrphhinhhgsghithhsrdhnvght
X-ME-Proxy: <xmx:cfWMZL4DpsjQkCMrSwLEdYgZdOjFOOj4WI1XOsG_wmVs3dXwGOeQpg> <xmx:cfWMZD4QeAlKdSqKibBBJd93XfO5fqucgg8Ya3aOnSh04Q9Q01hrXQ> <xmx:cfWMZLg6xSS7NPry0bE9Fl7qaR3AsNgFlQMo9ZXR3OeQ7prGxrJC4w> <xmx:cfWMZDGnUWKnWKjsoh0bYsEGtwPw9Z10GEBn5vdTHLG6T-ozS0WHfw>
Feedback-ID: i2f494406:Fastmail
Received: by mail.messagingengine.com (Postfix) with ESMTPA; Fri, 16 Jun 2023 19:51:13 -0400 (EDT)
Content-Type: multipart/alternative; boundary="Apple-Mail-24C88B32-2FCF-4D52-AE92-6749F0DA87C4"
Content-Transfer-Encoding: 7bit
From: Christopher Wood <caw@heapingbits.net>
Mime-Version: 1.0 (1.0)
Date: Fri, 16 Jun 2023 19:51:02 -0400
Message-Id: <C46CC5CB-24E1-47FC-BC43-92F1727B3B0C@heapingbits.net>
References: <382108BA-762E-4F5F-A128-3C8682B3F928@apple.com>
Cc: Colin Bendell <colin@bendell.ca>, Eli-Shaoul Khedouri <eli=40intuitionmachines.com@dmarc.ietf.org>, privacy-pass@ietf.org
In-Reply-To: <382108BA-762E-4F5F-A128-3C8682B3F928@apple.com>
To: Tommy Pauly <tpauly@apple.com>
X-Mailer: iPhone Mail (20F66)
Archived-At: <https://mailarchive.ietf.org/arch/msg/privacy-pass/mBlqVmYC_p2JilTYtKhWF3xNr08>
Subject: Re: [Privacy-pass] Issuer directory representation (#369)
X-BeenThere: privacy-pass@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Privacy Pass Protocol <privacy-pass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/privacy-pass>, <mailto:privacy-pass-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/privacy-pass/>
List-Post: <mailto:privacy-pass@ietf.org>
List-Help: <mailto:privacy-pass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/privacy-pass>, <mailto:privacy-pass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 16 Jun 2023 23:51:22 -0000


On Jun 16, 2023, at 6:12 PM, Tommy Pauly <tpauly@apple.com> wrote:



On Jun 16, 2023, at 11:13 AM, Colin Bendell <colin@bendell.ca> wrote:



On Fri, 16 Jun 2023 at 13:07, Christopher Wood <caw@heapingbits.net> wrote:

On Jun 16, 2023, at 12:58 PM, Colin Bendell <colin@bendell.ca> wrote:



On Thu, 15 Jun 2023 at 19:28, Christopher Wood <caw@heapingbits.net> wrote:
To hopefully close the loop in this, I put together this PR that conceptually lifts the concept of key commitments from PSTs into the current Privacy Pass issuer directory:

I initiated this thread after contrasting the similar key-sets exposed forPrivacyPass and Private-State-Tokens. As an outsider here, I'd like to see PrivacyPass expand the set of tokens so that PST can remove the definition from the W3C spec and depend exclusively on the PrivacyPass definition. To this end, the issuer directory should also include:
* expiry
* batch-size
* key-id / version

I think expiry information can be inferred from the resource’s cache control directives, 

I think you missed my comments below. 

As I said, the http cache-control only describes the document's lifecycle. Two main issues:

1. The directory might have a TTL, but that doesn't reflect the specific age of each entry. What TTL should you set for a directory of 100 keys with a rolling 60 day offset for expiration? I think what you are assuming is that the CC should be 60 day and then the expired entry just disappears magically leaving 99? The challenge of course is that this doesn't give any signal to the consumer which key is nearing expiration relative to the other keys.

2. The TTL from Cache-Control does not cleanly map to an expiration date/time since you need to depend on other transient details. (This is a classic problem of the interdependence of the Age, Date and Cache-Control headers). For an infrastructure operator, certificates are expected to have a fixed date/time for expiration and when the cert will be removed from rotation. This provides assurances of a token that is issued and when to expect that the token should expire. Just depending on the cert to be 'removed' from the directory is a surprising behavior for certificate change management processes.

Further, as I mentioned below, in the PST case, the specific expiration of a key is used in the selection process in the client-issuer communication. In PST, the UA uses 6 keys with the longest expiry date. Only tokens issued from this 6 can be added, while previous tokens are permitted. (I'm not sure how strong this argument is, since I'm not sure how much of a priority it is to converge the W3C / IETF variations. As an outsider, it would be nice if these spec's did align. Allowing for these directory attributes would pave a way to simplify the W3C spec. IMHO of course)

A meta-comment here:

There shouldn't be any “variants” between the W3C and IETF — any extensions for the web that W3C does should be built upon Privacy Pass, but not something in contradiction to it. All of these other deployment models (like what is proposed in PST) are just ways to instantiate Privacy Pass, and should align with privacy pass as a standard.

In this case, of course other specs can add recommended keys to add to a JSON dictionary (that can still align), or we could define “not-after” while we’re defining “not-before” and just be done with it.

Given that we have not had a need for not-after with current deployments, I suggest punting this to a future document. The cache control directives have been sufficient so far. Let’s not add complexity when it’s not yet needed. 

Best,
Chris 


Tommy


and version is implied from the list of keys in the directory. That leaves key ID and batch size. The former is computed directly from the public key, so we don’t need to redundantly include it. The latter could be included as an optional parameter for issuance protocols that want to communicate this hint to the client. That parameter could even be included in the batch token issuance spec (https://datatracker.ietf.org/doc/draft-robert-privacypass-batched-tokens/" target="_blank" rel="nofollow">https://datatracker.ietf.org/doc/draft-robert-privacypass-batched-tokens/). 

Ah! Why not merge the support for batch-tokens into the type=1 definition? I had assumed this was the intention since VOPRF BlindEvaluate function (draft 21) already allows for individual or arrays of elements. The only gap then is the TokenRequest & TokenResponse structs (and possibly adding ristretto255-SHA512 ) This is probably a different conversation though. The cross-over is the necessity to specify the batch-size in the issuer-directory.
 

So altogether I think we’re covered?

Best,
Chris 


Expiration is important for PST because it is used by the UA to select from a set of possible keys. HTTP Cache-Control does not serve the same function as a certificate expiration. The cache-control header reflects the ttl of the directory, but the expiration for each public key. If we were to use HTTP cache policies, all public keys would be treated as if they had the same expiration. 

Batch-Size is interesting for VOPRF workflows where the issuance request includes multiple nonces. In this case the compute work for the issue request needs to be known apriori. Can the issuer handle 1 or 10 or 100 token batches?

key-id or version is not needed for the protocol, but as a dev ergonomics it is nice to have a common implementation. Is it called 'version' or 'id' or 'key-id'?
 
I think we can pursue alternative representations separately.

Sounds good. 

/colin
-- 
Privacy-pass mailing list
Privacy-pass@ietf.org
https://www.ietf.org/mailman/listinfo/privacy-pass

v2.23.0 | Report a Bug | By Email