Re: [Privacy-pass] Private Access Tokens and Privacy Pass Architecture

Alex Davidson <alex.davidson92@gmail.com> Mon, 20 December 2021 16:52 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/privacy-pass/wpP9YgtcUH1yFp25OpE0qhFNY0M>

Hi,

Broadly speaking, I think the reorganisation of the protocol, architecture,
and HTTP auth docs makes sense. Having not followed the work on Private Access
Tokens very closely, I think it would be beneficial to have a presentation
on this topic to the WG. Specifically, it would be useful to hear more
related to the motivation and intended goals of this draft, and the
applicability of this work to the WG.

I also found a few minor issues after doing an initial read-through of the
docs:

- Section 3 of the HTTP auth doc seems to already be covered in Section 3.2
of the architecture doc; maybe this could be replaced with a simple
citation?
- This may be a hangover from a previous iteration, but in Section 4.2 of
the architecture doc the advised key rotation period (1-12 weeks) is not
consistent with the table in Section 6 (2-24 weeks).

I will read the linked drafts over the next few days more thoroughly and
post any additional things that I notice here.

Cheers,
Alex

On Thu, Dec 16, 2021 at 4:41 PM Steven Valdez <svaldez=40google.com@dmarc.ietf.org> wrote:

> Following up on IETF 112, and discussions about Private Access Tokens (
> https://www.ietf.org/archive/id/draft-private-access-tokens-00.html) in
> SECDISPATCH to move it to PRIVACYPASS, the authors have been working on a
> proposed re-architecture of the PRIVACYPASS documents to support both the
> existing privately verifiable construction (based on VOPRFs), as well as
> the publicly verifiable construction (based on RSA Blind Signatures) and
> the Private Access Tokens design.
>
> Links and a discussion to the proposed drafts are below. Please review
> them and provide feedback!
>
> Due to the scope of the changes, it might be useful to go over these
> drafts in a meeting. Chairs, would it be possible to get an interim
> scheduled in January to discuss these changes?
>
> ---
>
> Current proposed drafts of the documents are:
>
> Architecture:
> https://ietf-wg-privacypass.github.io/base-drafts/caw/arch-refactor/draft-ietf-privacypass-architecture.html
> HTTP Auth Scheme:
> https://tfpauly.github.io/privacy-proxy/draft-pauly-privacypass-auth-scheme.html
> PrivacyPass Issuance Protocol:
> https://ietf-wg-privacypass.github.io/base-drafts/caw/pp-issuance/draft-ietf-privacypass-protocol.html
> Rate-limited Token Issuance Protocol (Private Access Tokens):
> https://tfpauly.github.io/privacy-proxy/draft-privacypass-rate-limit-tokens.html
>
> The Architecture document provides the shared architecture that different
> tokens build on top of, generalizing the existing architecture of Issuer,
> Client, Origin to include an Attester (which is currently implicit in the
> existing architecture). It defines the purpose and requirements for Privacy
> Pass issuance and redemption.
>
> The HTTP Auth Scheme document is a new document to provide an HTTP
> authentication scheme for Privacy Pass redemption. This can be used with
> any issuance protocol.
>
> The Issuance Protocol documents provide the protocol details for each
> issuance protocol (the PrivacyPass token protocol includes the VOPRF and
> RSA Blind Signature forms).