IETF Logo Mail Archive

Re: [Privacy-pass] Working group last Call for batched Tokens

Christopher Wood <caw@heapingbits.net> Mon, 08 April 2024 16:50 UTC

Return-Path: <caw@heapingbits.net>
X-Original-To: privacy-pass@ietfa.amsl.com
Delivered-To: privacy-pass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 42D08C14CEFF for <privacy-pass@ietfa.amsl.com>; Mon, 8 Apr 2024 09:50:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.904
X-Spam-Level:
X-Spam-Status: No, score=-1.904 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, MIME_HTML_ONLY=0.1, MIME_HTML_ONLY_MULTI=0.001, MIME_QP_LONG_LINE=0.001, MPART_ALT_DIFF=0.79, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=heapingbits.net header.b="N3JgskeA"; dkim=pass (2048-bit key) header.d=messagingengine.com header.b="SK6Sam58"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gwhJUBEPf5Y8 for <privacy-pass@ietfa.amsl.com>; Mon, 8 Apr 2024 09:50:14 -0700 (PDT)
Received: from fhigh1-smtp.messagingengine.com (fhigh1-smtp.messagingengine.com [103.168.172.152]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0B494C15107F for <privacy-pass@ietf.org>; Mon, 8 Apr 2024 09:50:13 -0700 (PDT)
Received: from compute7.internal (compute7.nyi.internal [10.202.2.48]) by mailfhigh.nyi.internal (Postfix) with ESMTP id 550CC1140155; Mon, 8 Apr 2024 12:50:12 -0400 (EDT)
Received: from mailfrontend2 ([10.202.2.163]) by compute7.internal (MEProxy); Mon, 08 Apr 2024 12:50:12 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=heapingbits.net; h=cc:cc:content-transfer-encoding:content-type:content-type :date:date:from:from:in-reply-to:in-reply-to:message-id :mime-version:references:reply-to:subject:subject:to:to; s=fm2; t=1712595012; x=1712681412; bh=qMxS2feYVlzhB3gldVzFkEjiJ5j7mPKg WN9z58Mrn2Q=; b=N3JgskeA+Dw0aMOfNWduztfYRq14XzuVZ0NOn5HVdshXDUwI gRLFZ1yD8itXRGpqxuA4Qi/FBf/ER+iDRvSiPtGhn2MaARaC1CclN6Y7UM55uLiS rWPA61IcBb7NGaSDV83x0Kdm1+/xfWJd0XLNc7pt40g5r3g8CVpKIO/jsCAYuAx8 WDs+ERf77cYBhkHf/jFr8p8tQxDQczq/wHrgjo7D3i6PahRYuyL19XV6wxIsVtR9 Wog/t+Xpf3D88GaM+u+JGracvXXkd8y5q2gPvXR0ahEiMc/Z6cw7jEYHAu4eGlBr ywdt6hnnrKkN567AEeS35Bfd6b/9DldS8uf3pg==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:content-type:date:date:feedback-id:feedback-id :from:from:in-reply-to:in-reply-to:message-id:mime-version :references:reply-to:subject:subject:to:to:x-me-proxy:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm2; t=1712595012; x= 1712681412; bh=qMxS2feYVlzhB3gldVzFkEjiJ5j7mPKgWN9z58Mrn2Q=; b=S K6Sam58Pt5eqJfh0gCA5cNqoLoXX1JyWfSz7aeTkKWRXvJ0mypCnUGisjI/kMn+g IsoVU0VxraOHYn4bfUXOsKs2QmKZCyQ3fq+FgwhtN3NHLB3SAUBy4koHds6tOKnP lCO13V+e+EbRjWBHyS+CtIZNsDm41KK/nnRtxuEQnJzOOgOWy/TU8krTjDSpYoNH R51Py0VF2IgyCouVpZCbFZ++XCMzfsZ16Q0ahHtbx+wwgv0grlc7tUx95QmEp2eA SgiGwacSkGf2o1VnTySws8kSsm26VYaLOXd4aiFl5T+69Av5CRYhfWFQr5L007bS f/ekKbEqsNi5NwoIIbyEA==
X-ME-Sender: <xms:QyAUZr7uc0PZSq7M4BKnByW2WTSXWdlG-INxE99WG3XXuwYRJCs4qQ> <xme:QyAUZg53-QMjj_z0u9zaIqf8Gh5KTCTQ4k9NNdTaAN-z5-255Ky5MvUstNl9TX51q bhNJDX1_7YKyRZyAYo>
X-ME-Received: <xmr:QyAUZieddq6FGwDUmN2B3Nl6TAXBwU-8CzeVytqI6KOGOYorYBy7KtbMd-PH5_xlNsLuSs9XjtNymSZ0MblEGs8rlfVoRxRVMQ>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvledrudegiedguddthecutefuodetggdotefrod ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfgh necuuegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmd enqfhnlhihuchonhgvuchprghrthculdehuddmnecujfgurheptgfghfggufffkfhfvegj vffosegrjehmrehhtdejnecuhfhrohhmpeevhhhrihhsthhophhhvghrucghohhougcuoe gtrgifsehhvggrphhinhhgsghithhsrdhnvghtqeenucggtffrrghtthgvrhhnpefgvdfh ieeltedvtdeuffethfekgeeuueeigfehteeuveffiedtjeffleehleeufeenucffohhmrg hinhepghhithhhuhgsrdgtohhmpdhivghtfhdrohhrghenucevlhhushhtvghrufhiiigv pedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpegtrgifsehhvggrphhinhhgsghithhsrd hnvght
X-ME-Proxy: <xmx:RCAUZsJfidAJX18_XMh6rIYt81ofJrJUEGiVNUdrOKtjKUOOkwhiVA> <xmx:RCAUZvLVofU2Ko8OroC1rEV_sdOiquNmDPbQzuxeYu_sOVOQWUOOjw> <xmx:RCAUZlwgHpSPQQKAp1pPu-vuR7_x4repIKX42Xwm_ys8ojDKX9X3qg> <xmx:RCAUZrIAVDHBj_IcgPtgIfLqxEGQK4fdsJWM9JoQaGx0fcuYXzmEsg> <xmx:RCAUZlhlIOQ2-Q3nb2JuGS7B-yYTbZplgDyY2ARDshdJxiSSggsIW5vN>
Feedback-ID: i2f494406:Fastmail
Received: by mail.messagingengine.com (Postfix) with ESMTPA; Mon, 8 Apr 2024 12:50:11 -0400 (EDT)
Content-Type: multipart/alternative; boundary="Apple-Mail-659F834A-16F2-45CA-A58D-52EDD3894205"
Content-Transfer-Encoding: 7bit
From: Christopher Wood <caw@heapingbits.net>
Mime-Version: 1.0 (1.0)
Date: Mon, 08 Apr 2024 12:50:00 -0400
Message-Id: <5506BC20-3DE0-46AC-9701-3223F197AB23@heapingbits.net>
References: <15E0A5B4-C2D7-46E7-A82E-DC15F34323D5@apple.com>
Cc: Joseph Salowey <joe@salowey.net>, Raphael Robert <ietf@raphaelrobert.com>, Steven Valdez <svaldez=40google.com@dmarc.ietf.org>, privacy-pass@ietf.org
In-Reply-To: <15E0A5B4-C2D7-46E7-A82E-DC15F34323D5@apple.com>
To: Tommy Pauly <tpauly@apple.com>
X-Mailer: iPhone Mail (21E236)
Archived-At: <https://mailarchive.ietf.org/arch/msg/privacy-pass/u5drqn0DSJ7Ll_GbSr51ksBR9e4>
Subject: Re: [Privacy-pass] Working group last Call for batched Tokens
X-BeenThere: privacy-pass@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Privacy Pass Protocol <privacy-pass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/privacy-pass>, <mailto:privacy-pass-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/privacy-pass/>
List-Post: <mailto:privacy-pass@ietf.org>
List-Help: <mailto:privacy-pass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/privacy-pass>, <mailto:privacy-pass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 08 Apr 2024 16:50:19 -0000



On Apr 8, 2024, at 11:36 AM, Tommy Pauly <tpauly@apple.com> wrote:

Also chiming in for a review — I just read through the draft and it looks good to me. I didn’t see any particular flaws that I would say need addressing before publication. I filed one very minor editorial issue https://github.com/ietf-wg-privacypass/ietf-draft-privacypass-batched-tokens/issues/8" rel="nofollow">https://github.com/ietf-wg-privacypass/ietf-draft-privacypass-batched-tokens/issues/8

I did have one overall question about our approach to token types and batching: this new batched VOPRF allocates a new token type, although my understanding is that the redemption step doesn’t necessarily need to know anything about it being batched in order to validate the token. To what degree do we want changes to the issuance that don’t impact the nature of the token upon redemption to be reflected in the token type vs some other difference in the request (such as media type, etc, etc)? Is there a security reason that the redeemer needs to know?

The redeemer does not need to know that issuance was fetched using a batched version of the protocol. However, since we chose to reuse the TokenRequest structure for issuance, we needed a distinguisher for the issuer to know that a batch was being requested. That ended up being the token type. We could have introduced a new BatchTokenRequest structure, with a new media type, for issuance, but that didn’t happen. I recall having this discussion at some point in the past, but I didn’t look to where it took place (on the list, GitHub, or during a meeting). In any case, we can change this, but I don’t feel strongly about it, except maybe that knowing a client supports batched and non-batched issuance could be a way to partition the client anonymity set for a redemption context. (Okay, maybe that’s a reason to change!)

Best,
Chris 


Tommy

On Apr 7, 2024, at 9:02 PM, Joseph Salowey <joe@salowey.net> wrote:

RIght now we only have one response to the last call which is not enough to call consensus on.   It would be good to have a draft that is not expired, but I also think before we can continue a consensus call we need a draft with all the outstanding changes as well.  

Thanks,

Joe

On Wed, Mar 20, 2024 at 3:37 AM Raphael Robert <ietf@raphaelrobert.com> wrote:
As soon as that issue is resolved I’ll make one more editorial pass before I cut a new draft. I’ll announce it here.

Raphael

On 20. Mar 2024, at 06:23, Steven Valdez <svaldez=40google.com@dmarc.ietf.org> wrote:

I think this draft looks mostly good and I support it going to the IESG. There is one outstanding issue https://github.com/ietf-wg-privacypass/ietf-draft-privacypass-batched-tokens/issues/6" target="_blank" rel="nofollow">#6 (I submitted and forgot to follow up on) regarding adding the VOPRF variant as a defined type since we're relying on that variant for PST. I can try to get a PR for that submitted, though not sure what the ordering between the draft being expired, the WGLC and cutting a new draft should look like?

-Steven

On Mon, Mar 11, 2024 at 2:47 PM Joseph Salowey <joe@salowey.net> wrote:
This is the working group last call for Batched Token Issuance Protocol (https://datatracker.ietf.org/doc/draft-ietf-privacypass-batched-tokens/" target="_blank" rel="nofollow">https://datatracker.ietf.org/doc/draft-ietf-privacypass-batched-tokens/).  Please review the document and indicate if it is ready to forward to the IESG by posting comments to this thread.  The internet draft is about to expire but should still be accessible.  Please send your comments by March 26, 2024.  

Thanks,

Joe and Ben
--
Privacy-pass mailing list
Privacy-pass@ietf.org
https://www.ietf.org/mailman/listinfo/privacy-pass" rel="noreferrer nofollow" target="_blank">https://www.ietf.org/mailman/listinfo/privacy-pass


--

 Steven Valdez | Chrome Privacy Sandbox | svaldez@google.com | Cambridge, MA
--
Privacy-pass mailing list
Privacy-pass@ietf.org
https://www.ietf.org/mailman/listinfo/privacy-pass" target="_blank" rel="nofollow">https://www.ietf.org/mailman/listinfo/privacy-pass

--
Privacy-pass mailing list
Privacy-pass@ietf.org
https://www.ietf.org/mailman/listinfo/privacy-pass

v2.23.0 | Report a Bug | By Email