IETF Logo Mail Archive

Re: [Privacy-pass] Issuer directory representation (#369)

Joseph Salowey <joe@salowey.net> Mon, 26 June 2023 15:33 UTC

Return-Path: <joe@salowey.net>
X-Original-To: privacy-pass@ietfa.amsl.com
Delivered-To: privacy-pass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3819CC1516EA for <privacy-pass@ietfa.amsl.com>; Mon, 26 Jun 2023 08:33:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.895
X-Spam-Level:
X-Spam-Status: No, score=-1.895 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=salowey-net.20221208.gappssmtp.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TqvirJ-YXsrc for <privacy-pass@ietfa.amsl.com>; Mon, 26 Jun 2023 08:33:32 -0700 (PDT)
Received: from mail-lj1-x22e.google.com (mail-lj1-x22e.google.com [IPv6:2a00:1450:4864:20::22e]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5A2B9C1519A8 for <privacy-pass@ietf.org>; Mon, 26 Jun 2023 08:33:22 -0700 (PDT)
Received: by mail-lj1-x22e.google.com with SMTP id 38308e7fff4ca-2b69e6d324aso21129721fa.0 for <privacy-pass@ietf.org>; Mon, 26 Jun 2023 08:33:22 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=salowey-net.20221208.gappssmtp.com; s=20221208; t=1687793600; x=1690385600; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=JMzoqC31cfoUYs1sDSl8GRQu7evM9kD09ECzsv7xyx4=; b=yPcQFvUxFfIAgzMoqeFDwAuFEMdOjQVEjTrFmt9OLcCciBYHfMIawxhuSJmLpkPA3k Mk52zyJ0rDw9X4CCBM1ghQXn+oOl15Hol+YrCwb4i6vMKskiCvdG1FPfKSSxpsZ0UtUk 099JbAAvAi3mDbWIe0oFvRT5fQ7+Panyh1wbsoCVyEGGkoptO1QH8Ce5KOHXzmCbqtm3 WsyfcqrLc5G+T0CxCs+WmYaJ7Mh7Rz7yUSV9EEbkLnY2JxSTGvbUTOJs9jJZ1OKOZiQJ nlc429258L3PLWJ9UL3vD9utWBM4Fbecq2jfeZpPJxvtrqVAGo7+qRDMDf+9xzndGf// YwyA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1687793600; x=1690385600; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=JMzoqC31cfoUYs1sDSl8GRQu7evM9kD09ECzsv7xyx4=; b=IvZE3R8UMTps5IyZVtLbQIjDBWYmAA61Z8UztCtaVdD2kw/vfGQV7Ge/vTviPdnVHQ EtGrkk1nPTyuxn2Ypw/qpbS8Yzs0RF4GqrhwUxCQmMrOEOusyTkys65M+6/nupsWg/YZ ZYn26b5VZNrciguqgx3LDmmONa/6p7poTFozY/Ro8s11G0lEObSRlSf/eH3EvvbY/Oip BVyzaulRc8kYTm/rXhb5A4yKtTpZEkjSAxdlJ8ZA3SQqa/xlqQQa/N97l69kDSOAfNoV jKooVHFMIl9fdD/pOuWypaMPqtxp+JBb0thHFC3kzJFN5RzqvIv+pyCq61Q9YmCz2wgE IGvA==
X-Gm-Message-State: AC+VfDzrZKrNSs/U3J0GimVws960jN5Cpwaa+9NG7AAe7rQccqsEo7R9 BSvMMn43L/t3DQabwuKuHzKrbtSpa4J3g8p4seFbmg==
X-Google-Smtp-Source: ACHHUZ5y+PLuZ8ImcQCNBb7WI6z9mizIrUQd51YAzwUrvjnkFKGJsgGLL3IbCNjZ02D9D40k+PrGVCeZ1K3SDFXv6DE=
X-Received: by 2002:a2e:9a96:0:b0:2b6:9f9b:536 with SMTP id p22-20020a2e9a96000000b002b69f9b0536mr2162191lji.35.1687793599566; Mon, 26 Jun 2023 08:33:19 -0700 (PDT)
MIME-Version: 1.0
References: <382108BA-762E-4F5F-A128-3C8682B3F928@apple.com> <C46CC5CB-24E1-47FC-BC43-92F1727B3B0C@heapingbits.net> <7AD8C944-B90C-4C89-A679-811A244CF722@heapingbits.net>
In-Reply-To: <7AD8C944-B90C-4C89-A679-811A244CF722@heapingbits.net>
From: Joseph Salowey <joe@salowey.net>
Date: Mon, 26 Jun 2023 08:33:07 -0700
Message-ID: <CAOgPGoBRD762qmsMx6UEr33Ot5XFH10JjFZp=ZK0tWn9BTxUdQ@mail.gmail.com>
To: Christopher Wood <caw@heapingbits.net>
Cc: Tommy Pauly <tpauly@apple.com>, privacypass-chairs@ietf.org, Colin Bendell <colin@bendell.ca>, Eli-Shaoul Khedouri <eli=40intuitionmachines.com@dmarc.ietf.org>, privacy-pass@ietf.org
Content-Type: multipart/alternative; boundary="000000000000f4e70705ff0a1113"
Archived-At: <https://mailarchive.ietf.org/arch/msg/privacy-pass/s0MI1PEIJ7Hyc6ctvBPbxgoPJAY>
Subject: Re: [Privacy-pass] Issuer directory representation (#369)
X-BeenThere: privacy-pass@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Privacy Pass Protocol <privacy-pass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/privacy-pass>, <mailto:privacy-pass-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/privacy-pass/>
List-Post: <mailto:privacy-pass@ietf.org>
List-Help: <mailto:privacy-pass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/privacy-pass>, <mailto:privacy-pass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 26 Jun 2023 15:33:34 -0000

On Mon, Jun 26, 2023 at 5:56 AM Christopher Wood <caw@heapingbits.net>
wrote:

> To close the loop here, we published a new version that included #381. All
> outstanding issues are now resolved.
>
> Chairs, can we please move this forward?
>
>
[Joe] Yes, Shepherd write-up is in progress, review welcome -
https://datatracker.ietf.org/doc/draft-ietf-privacypass-protocol/shepherdwriteup/


> Thanks,
> Chris
>
> > On Jun 16, 2023, at 7:51 PM, Christopher Wood <caw@heapingbits.net>
> wrote:
> >
> >
> > On Jun 16, 2023, at 6:12 PM, Tommy Pauly <tpauly@apple.com> wrote:
> >>
> >> 
> >>
> >>> On Jun 16, 2023, at 11:13 AM, Colin Bendell <colin@bendell.ca> wrote:
> >>>
> >>>
> >>>
> >>> On Fri, 16 Jun 2023 at 13:07, Christopher Wood <caw@heapingbits.net>
> wrote:
> >>>
> >>>> On Jun 16, 2023, at 12:58 PM, Colin Bendell <colin@bendell.ca> wrote:
> >>>>
> >>>> 
> >>>>
> >>>> On Thu, 15 Jun 2023 at 19:28, Christopher Wood <caw@heapingbits.net>
> wrote:
> >>>> To hopefully close the loop in this, I put together this PR that
> conceptually lifts the concept of key commitments from PSTs into the
> current Privacy Pass issuer directory:
> >>>>
> >>>> I initiated this thread after contrasting the similar key-sets
> exposed forPrivacyPass and Private-State-Tokens. As an outsider here, I'd
> like to see PrivacyPass expand the set of tokens so that PST can remove the
> definition from the W3C spec and depend exclusively on the PrivacyPass
> definition. To this end, the issuer directory should also include:
> >>>> * expiry
> >>>> * batch-size
> >>>> * key-id / version
> >>>
> >>> I think expiry information can be inferred from the resource’s cache
> control directives,
> >>>
> >>> I think you missed my comments below.
> >>>
> >>> As I said, the http cache-control only describes the document's
> lifecycle. Two main issues:
> >>>
> >>> 1. The directory might have a TTL, but that doesn't reflect the
> specific age of each entry. What TTL should you set for a directory of 100
> keys with a rolling 60 day offset for expiration? I think what you are
> assuming is that the CC should be 60 day and then the expired entry just
> disappears magically leaving 99? The challenge of course is that this
> doesn't give any signal to the consumer which key is nearing expiration
> relative to the other keys.
> >>>
> >>> 2. The TTL from Cache-Control does not cleanly map to an expiration
> date/time since you need to depend on other transient details. (This is a
> classic problem of the interdependence of the Age, Date and Cache-Control
> headers). For an infrastructure operator, certificates are expected to have
> a fixed date/time for expiration and when the cert will be removed from
> rotation. This provides assurances of a token that is issued and when to
> expect that the token should expire. Just depending on the cert to be
> 'removed' from the directory is a surprising behavior for certificate
> change management processes.
> >>>
> >>> Further, as I mentioned below, in the PST case, the specific
> expiration of a key is used in the selection process in the client-issuer
> communication. In PST, the UA uses 6 keys with the longest expiry date.
> Only tokens issued from this 6 can be added, while previous tokens are
> permitted. (I'm not sure how strong this argument is, since I'm not sure
> how much of a priority it is to converge the W3C / IETF variations. As an
> outsider, it would be nice if these spec's did align. Allowing for these
> directory attributes would pave a way to simplify the W3C spec. IMHO of
> course)
> >>
> >> A meta-comment here:
> >>
> >> There shouldn't be any “variants” between the W3C and IETF — any
> extensions for the web that W3C does should be built upon Privacy Pass, but
> not something in contradiction to it. All of these other deployment models
> (like what is proposed in PST) are just ways to instantiate Privacy Pass,
> and should align with privacy pass as a standard.
> >>
> >> In this case, of course other specs can add recommended keys to add to
> a JSON dictionary (that can still align), or we could define “not-after”
> while we’re defining “not-before” and just be done with it.
> >
> > Given that we have not had a need for not-after with current
> deployments, I suggest punting this to a future document. The cache control
> directives have been sufficient so far. Let’s not add complexity when it’s
> not yet needed.
> >
> > Best,
> > Chris
> >
> >>
> >> Tommy
> >>
> >>>
> >>> and version is implied from the list of keys in the directory. That
> leaves key ID and batch size. The former is computed directly from the
> public key, so we don’t need to redundantly include it. The latter could be
> included as an optional parameter for issuance protocols that want to
> communicate this hint to the client. That parameter could even be included
> in the batch token issuance spec (
> https://datatracker.ietf.org/doc/draft-robert-privacypass-batched-tokens/).
>
> >>>
> >>> Ah! Why not merge the support for batch-tokens into the type=1
> definition? I had assumed this was the intention since VOPRF BlindEvaluate
> function (draft 21) already allows for individual or arrays of elements.
> The only gap then is the TokenRequest & TokenResponse structs (and possibly
> adding ristretto255-SHA512 ) This is probably a different conversation
> though. The cross-over is the necessity to specify the batch-size in the
> issuer-directory.
> >>>
> >>>
> >>> So altogether I think we’re covered?
> >>>
> >>> Best,
> >>> Chris
> >>>
> >>>>
> >>>> Expiration is important for PST because it is used by the UA to
> select from a set of possible keys. HTTP Cache-Control does not serve the
> same function as a certificate expiration. The cache-control header
> reflects the ttl of the directory, but the expiration for each public key.
> If we were to use HTTP cache policies, all public keys would be treated as
> if they had the same expiration.
> >>>>
> >>>> Batch-Size is interesting for VOPRF workflows where the issuance
> request includes multiple nonces. In this case the compute work for the
> issue request needs to be known apriori. Can the issuer handle 1 or 10 or
> 100 token batches?
> >>>>
> >>>> key-id or version is not needed for the protocol, but as a dev
> ergonomics it is nice to have a common implementation. Is it called
> 'version' or 'id' or 'key-id'?
> >>>>
> >>>> I think we can pursue alternative representations separately.
> >>>>
> >>>> Sounds good.
> >>>>
> >>>> /colin
> >>> --
> >>> Privacy-pass mailing list
> >>> Privacy-pass@ietf.org
> >>> https://www.ietf.org/mailman/listinfo/privacy-pass
> >>
> > --
> > Privacy-pass mailing list
> > Privacy-pass@ietf.org
> > https://www.ietf.org/mailman/listinfo/privacy-pass
>
>

v2.23.0 | Report a Bug | By Email