Re: [Privacy-pass] Issuer directory representation (#369)
Joseph Salowey <joe@salowey.net> Mon, 26 June 2023 15:33 UTC
Return-Path: <joe@salowey.net>
X-Original-To: privacy-pass@ietfa.amsl.com
Delivered-To: privacy-pass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3819CC1516EA for <privacy-pass@ietfa.amsl.com>; Mon, 26 Jun 2023 08:33:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.895
X-Spam-Level:
X-Spam-Status: No, score=-1.895 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=salowey-net.20221208.gappssmtp.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TqvirJ-YXsrc for <privacy-pass@ietfa.amsl.com>; Mon, 26 Jun 2023 08:33:32 -0700 (PDT)
Received: from mail-lj1-x22e.google.com (mail-lj1-x22e.google.com [IPv6:2a00:1450:4864:20::22e]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5A2B9C1519A8 for <privacy-pass@ietf.org>; Mon, 26 Jun 2023 08:33:22 -0700 (PDT)
Received: by mail-lj1-x22e.google.com with SMTP id 38308e7fff4ca-2b69e6d324aso21129721fa.0 for <privacy-pass@ietf.org>; Mon, 26 Jun 2023 08:33:22 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=salowey-net.20221208.gappssmtp.com; s=20221208; t=1687793600; x=1690385600; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=JMzoqC31cfoUYs1sDSl8GRQu7evM9kD09ECzsv7xyx4=; b=yPcQFvUxFfIAgzMoqeFDwAuFEMdOjQVEjTrFmt9OLcCciBYHfMIawxhuSJmLpkPA3k Mk52zyJ0rDw9X4CCBM1ghQXn+oOl15Hol+YrCwb4i6vMKskiCvdG1FPfKSSxpsZ0UtUk 099JbAAvAi3mDbWIe0oFvRT5fQ7+Panyh1wbsoCVyEGGkoptO1QH8Ce5KOHXzmCbqtm3 WsyfcqrLc5G+T0CxCs+WmYaJ7Mh7Rz7yUSV9EEbkLnY2JxSTGvbUTOJs9jJZ1OKOZiQJ nlc429258L3PLWJ9UL3vD9utWBM4Fbecq2jfeZpPJxvtrqVAGo7+qRDMDf+9xzndGf// YwyA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1687793600; x=1690385600; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=JMzoqC31cfoUYs1sDSl8GRQu7evM9kD09ECzsv7xyx4=; b=IvZE3R8UMTps5IyZVtLbQIjDBWYmAA61Z8UztCtaVdD2kw/vfGQV7Ge/vTviPdnVHQ EtGrkk1nPTyuxn2Ypw/qpbS8Yzs0RF4GqrhwUxCQmMrOEOusyTkys65M+6/nupsWg/YZ ZYn26b5VZNrciguqgx3LDmmONa/6p7poTFozY/Ro8s11G0lEObSRlSf/eH3EvvbY/Oip BVyzaulRc8kYTm/rXhb5A4yKtTpZEkjSAxdlJ8ZA3SQqa/xlqQQa/N97l69kDSOAfNoV jKooVHFMIl9fdD/pOuWypaMPqtxp+JBb0thHFC3kzJFN5RzqvIv+pyCq61Q9YmCz2wgE IGvA==
X-Gm-Message-State: AC+VfDzrZKrNSs/U3J0GimVws960jN5Cpwaa+9NG7AAe7rQccqsEo7R9 BSvMMn43L/t3DQabwuKuHzKrbtSpa4J3g8p4seFbmg==
X-Google-Smtp-Source: ACHHUZ5y+PLuZ8ImcQCNBb7WI6z9mizIrUQd51YAzwUrvjnkFKGJsgGLL3IbCNjZ02D9D40k+PrGVCeZ1K3SDFXv6DE=
X-Received: by 2002:a2e:9a96:0:b0:2b6:9f9b:536 with SMTP id p22-20020a2e9a96000000b002b69f9b0536mr2162191lji.35.1687793599566; Mon, 26 Jun 2023 08:33:19 -0700 (PDT)
MIME-Version: 1.0
References: <382108BA-762E-4F5F-A128-3C8682B3F928@apple.com> <C46CC5CB-24E1-47FC-BC43-92F1727B3B0C@heapingbits.net> <7AD8C944-B90C-4C89-A679-811A244CF722@heapingbits.net>
In-Reply-To: <7AD8C944-B90C-4C89-A679-811A244CF722@heapingbits.net>
From: Joseph Salowey <joe@salowey.net>
Date: Mon, 26 Jun 2023 08:33:07 -0700
Message-ID: <CAOgPGoBRD762qmsMx6UEr33Ot5XFH10JjFZp=ZK0tWn9BTxUdQ@mail.gmail.com>
To: Christopher Wood <caw@heapingbits.net>
Cc: Tommy Pauly <tpauly@apple.com>, privacypass-chairs@ietf.org, Colin Bendell <colin@bendell.ca>, Eli-Shaoul Khedouri <eli=40intuitionmachines.com@dmarc.ietf.org>, privacy-pass@ietf.org
Content-Type: multipart/alternative; boundary="000000000000f4e70705ff0a1113"
Archived-At: <https://mailarchive.ietf.org/arch/msg/privacy-pass/s0MI1PEIJ7Hyc6ctvBPbxgoPJAY>
Subject: Re: [Privacy-pass] Issuer directory representation (#369)
X-BeenThere: privacy-pass@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Privacy Pass Protocol <privacy-pass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/privacy-pass>, <mailto:privacy-pass-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/privacy-pass/>
List-Post: <mailto:privacy-pass@ietf.org>
List-Help: <mailto:privacy-pass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/privacy-pass>, <mailto:privacy-pass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 26 Jun 2023 15:33:34 -0000
On Mon, Jun 26, 2023 at 5:56 AM Christopher Wood <caw@heapingbits.net> wrote: > To close the loop here, we published a new version that included #381. All > outstanding issues are now resolved. > > Chairs, can we please move this forward? > > [Joe] Yes, Shepherd write-up is in progress, review welcome - https://datatracker.ietf.org/doc/draft-ietf-privacypass-protocol/shepherdwriteup/ > Thanks, > Chris > > > On Jun 16, 2023, at 7:51 PM, Christopher Wood <caw@heapingbits.net> > wrote: > > > > > > On Jun 16, 2023, at 6:12 PM, Tommy Pauly <tpauly@apple.com> wrote: > >> > >> > >> > >>> On Jun 16, 2023, at 11:13 AM, Colin Bendell <colin@bendell.ca> wrote: > >>> > >>> > >>> > >>> On Fri, 16 Jun 2023 at 13:07, Christopher Wood <caw@heapingbits.net> > wrote: > >>> > >>>> On Jun 16, 2023, at 12:58 PM, Colin Bendell <colin@bendell.ca> wrote: > >>>> > >>>> > >>>> > >>>> On Thu, 15 Jun 2023 at 19:28, Christopher Wood <caw@heapingbits.net> > wrote: > >>>> To hopefully close the loop in this, I put together this PR that > conceptually lifts the concept of key commitments from PSTs into the > current Privacy Pass issuer directory: > >>>> > >>>> I initiated this thread after contrasting the similar key-sets > exposed forPrivacyPass and Private-State-Tokens. As an outsider here, I'd > like to see PrivacyPass expand the set of tokens so that PST can remove the > definition from the W3C spec and depend exclusively on the PrivacyPass > definition. To this end, the issuer directory should also include: > >>>> * expiry > >>>> * batch-size > >>>> * key-id / version > >>> > >>> I think expiry information can be inferred from the resource’s cache > control directives, > >>> > >>> I think you missed my comments below. > >>> > >>> As I said, the http cache-control only describes the document's > lifecycle. Two main issues: > >>> > >>> 1. The directory might have a TTL, but that doesn't reflect the > specific age of each entry. What TTL should you set for a directory of 100 > keys with a rolling 60 day offset for expiration? I think what you are > assuming is that the CC should be 60 day and then the expired entry just > disappears magically leaving 99? The challenge of course is that this > doesn't give any signal to the consumer which key is nearing expiration > relative to the other keys. > >>> > >>> 2. The TTL from Cache-Control does not cleanly map to an expiration > date/time since you need to depend on other transient details. (This is a > classic problem of the interdependence of the Age, Date and Cache-Control > headers). For an infrastructure operator, certificates are expected to have > a fixed date/time for expiration and when the cert will be removed from > rotation. This provides assurances of a token that is issued and when to > expect that the token should expire. Just depending on the cert to be > 'removed' from the directory is a surprising behavior for certificate > change management processes. > >>> > >>> Further, as I mentioned below, in the PST case, the specific > expiration of a key is used in the selection process in the client-issuer > communication. In PST, the UA uses 6 keys with the longest expiry date. > Only tokens issued from this 6 can be added, while previous tokens are > permitted. (I'm not sure how strong this argument is, since I'm not sure > how much of a priority it is to converge the W3C / IETF variations. As an > outsider, it would be nice if these spec's did align. Allowing for these > directory attributes would pave a way to simplify the W3C spec. IMHO of > course) > >> > >> A meta-comment here: > >> > >> There shouldn't be any “variants” between the W3C and IETF — any > extensions for the web that W3C does should be built upon Privacy Pass, but > not something in contradiction to it. All of these other deployment models > (like what is proposed in PST) are just ways to instantiate Privacy Pass, > and should align with privacy pass as a standard. > >> > >> In this case, of course other specs can add recommended keys to add to > a JSON dictionary (that can still align), or we could define “not-after” > while we’re defining “not-before” and just be done with it. > > > > Given that we have not had a need for not-after with current > deployments, I suggest punting this to a future document. The cache control > directives have been sufficient so far. Let’s not add complexity when it’s > not yet needed. > > > > Best, > > Chris > > > >> > >> Tommy > >> > >>> > >>> and version is implied from the list of keys in the directory. That > leaves key ID and batch size. The former is computed directly from the > public key, so we don’t need to redundantly include it. The latter could be > included as an optional parameter for issuance protocols that want to > communicate this hint to the client. That parameter could even be included > in the batch token issuance spec ( > https://datatracker.ietf.org/doc/draft-robert-privacypass-batched-tokens/). > > >>> > >>> Ah! Why not merge the support for batch-tokens into the type=1 > definition? I had assumed this was the intention since VOPRF BlindEvaluate > function (draft 21) already allows for individual or arrays of elements. > The only gap then is the TokenRequest & TokenResponse structs (and possibly > adding ristretto255-SHA512 ) This is probably a different conversation > though. The cross-over is the necessity to specify the batch-size in the > issuer-directory. > >>> > >>> > >>> So altogether I think we’re covered? > >>> > >>> Best, > >>> Chris > >>> > >>>> > >>>> Expiration is important for PST because it is used by the UA to > select from a set of possible keys. HTTP Cache-Control does not serve the > same function as a certificate expiration. The cache-control header > reflects the ttl of the directory, but the expiration for each public key. > If we were to use HTTP cache policies, all public keys would be treated as > if they had the same expiration. > >>>> > >>>> Batch-Size is interesting for VOPRF workflows where the issuance > request includes multiple nonces. In this case the compute work for the > issue request needs to be known apriori. Can the issuer handle 1 or 10 or > 100 token batches? > >>>> > >>>> key-id or version is not needed for the protocol, but as a dev > ergonomics it is nice to have a common implementation. Is it called > 'version' or 'id' or 'key-id'? > >>>> > >>>> I think we can pursue alternative representations separately. > >>>> > >>>> Sounds good. > >>>> > >>>> /colin > >>> -- > >>> Privacy-pass mailing list > >>> Privacy-pass@ietf.org > >>> https://www.ietf.org/mailman/listinfo/privacy-pass > >> > > -- > > Privacy-pass mailing list > > Privacy-pass@ietf.org > > https://www.ietf.org/mailman/listinfo/privacy-pass > >
- [Privacy-pass] Issuer directory representation (#… Christopher Wood
- Re: [Privacy-pass] Issuer directory representatio… Eli-Shaoul Khedouri
- Re: [Privacy-pass] Issuer directory representatio… Colin Bendell
- Re: [Privacy-pass] Issuer directory representatio… Colin Bendell
- Re: [Privacy-pass] Issuer directory representatio… Tommy Pauly
- Re: [Privacy-pass] Issuer directory representatio… Colin Bendell
- Re: [Privacy-pass] Issuer directory representatio… Tommy Pauly
- Re: [Privacy-pass] Issuer directory representatio… Christopher Wood
- Re: [Privacy-pass] Issuer directory representatio… Christopher Wood
- Re: [Privacy-pass] Issuer directory representatio… Colin Bendell
- Re: [Privacy-pass] Issuer directory representatio… Christopher Wood
- Re: [Privacy-pass] Issuer directory representatio… Colin Bendell
- Re: [Privacy-pass] Issuer directory representatio… Tommy Pauly
- Re: [Privacy-pass] Issuer directory representatio… Christopher Wood
- Re: [Privacy-pass] Issuer directory representatio… Christopher Wood
- Re: [Privacy-pass] Issuer directory representatio… Joseph Salowey