Re: [Privacy-pass] New drafts for IETF107
Steven Valdez <svaldez@google.com> Wed, 26 February 2020 15:23 UTC
Return-Path: <svaldez@google.com>
X-Original-To: privacy-pass@ietfa.amsl.com
Delivered-To: privacy-pass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 18BA13A0954 for <privacy-pass@ietfa.amsl.com>; Wed, 26 Feb 2020 07:23:10 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -17.599
X-Spam-Level:
X-Spam-Status: No, score=-17.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, ENV_AND_HDR_SPF_MATCH=-0.5, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5, USER_IN_DEF_SPF_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RKKKau0u9o0O for <privacy-pass@ietfa.amsl.com>; Wed, 26 Feb 2020 07:23:05 -0800 (PST)
Received: from mail-oi1-x229.google.com (mail-oi1-x229.google.com [IPv6:2607:f8b0:4864:20::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C8EA63A0955 for <privacy-pass@ietf.org>; Wed, 26 Feb 2020 07:23:05 -0800 (PST)
Received: by mail-oi1-x229.google.com with SMTP id q81so3422589oig.0 for <privacy-pass@ietf.org>; Wed, 26 Feb 2020 07:23:05 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=PGq2XFc587QlRKmbi9tLb3JKOJts9hwo2WDkkUbAdYc=; b=vAGNSKYxRxx2uEUrqUJUQuiL7zy1PTxrn77xSS9W1rcgOzr5MCPP4vBueDE+cPpVO3 jsS7jH2HPDJpQHWB+3b/cYv10xNLWdlH7up0SznGN+HtaWvvkLFT8yD6415+leN4xcig plBCeCO4cUbIju4CU6Sg+ppyhCksAmUmwGYmJ1Vt4DEOxiJPP2H5fKZ/1nG2oD1/tmb3 f1InuUdGjYbwWwtzkV7gu7yEzUsvC455V7qxBKf/kJh5f71YNK3Em+gEvd6YVrP6RZcs e0z18uzuTKdMrnBdHaM2pHmz6nJwpHxlVDNujOYGa9LAGPtZkQFqx5sPa0o2qyumfrsN ExFw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=PGq2XFc587QlRKmbi9tLb3JKOJts9hwo2WDkkUbAdYc=; b=NAUeJqUVKJPiXS9VTutcw/52NnQBPG1vauxj3dPmkTwSoRpSxJpEvbvyiQp0YrnN3s l5bR57FEWifRWR+L1NoJ2wBSqhAn00r1bBIhKkfwPJxA/TLAIewRyRgkmsgsDMhWHY7Y +f4iw3GagzVRZj1T0ADhSQmJpN4LJT4bdeNHoyZHk6v2wyLCGHXYVFTqYWltupMTd5HE dzW9J8gCMwF0LyE29dAPmecDMxQ3+ZAoVz6WTFhl0ZY48H5xhp0zNixNcCnDeKnhu2sv Uzn71JSgm7cbu8NnkX19Bon0j/2J7+Md2irJXFgFZD8MqbFpU4dW5/a+PaG/ZtYyNBr9 a9Uw==
X-Gm-Message-State: APjAAAXHl63SJWSoFSNrUOiDoWUXxo0y7iPKKQAUxc7uKi1Yw+vCZcll uLuOLkEfLxpPt7epR6DtLsqxByjDzza6iFjnXyZ0KNI6X1M=
X-Google-Smtp-Source: APXvYqw9vCuD/0K9lwFGUG1UCpGqMaE0cXUvokXuTdYl8FoNw2Yo1d6LUUejD5/lwKkLYLIfkVvYDlQ7cCDrYMiUSzM=
X-Received: by 2002:aca:53c6:: with SMTP id h189mr3612656oib.11.1582730584707; Wed, 26 Feb 2020 07:23:04 -0800 (PST)
MIME-Version: 1.0
References: <62860787-70C2-4B39-BC6B-B0A83DDCD824@cloudflare.com> <CANduzxDCEi3izVM49EmTwyLf=LNpO1dTPqb6JmO7zxaHPTCaTg@mail.gmail.com> <1F946C3A-D194-435E-9A0F-2388C70324C3@cloudflare.com> <38505538-5FC5-4496-BD80-760C6071BD01@cloudflare.com> <0E23922F-9E2A-4192-B4CA-E8462CC672A2@cloudflare.com>
In-Reply-To: <0E23922F-9E2A-4192-B4CA-E8462CC672A2@cloudflare.com>
From: Steven Valdez <svaldez@google.com>
Date: Wed, 26 Feb 2020 10:22:53 -0500
Message-ID: <CANduzxDAKjQion4sUxquu7OHZDbv+PO9+oRRnBYaoAkOrXCicw@mail.gmail.com>
To: Alex Davidson <adavidson=40cloudflare.com@dmarc.ietf.org>
Cc: privacy-pass@ietf.org
Content-Type: multipart/alternative; boundary="000000000000475c24059f7c2ea2"
Archived-At: <https://mailarchive.ietf.org/arch/msg/privacy-pass/wyf11YEcJ6dyDBtKDpBi20x9Fyw>
Subject: Re: [Privacy-pass] New drafts for IETF107
X-BeenThere: privacy-pass@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <privacy-pass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/privacy-pass>, <mailto:privacy-pass-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/privacy-pass/>
List-Post: <mailto:privacy-pass@ietf.org>
List-Help: <mailto:privacy-pass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/privacy-pass>, <mailto:privacy-pass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 26 Feb 2020 15:23:10 -0000
Some initial comments from trying to write the API doc against the architecture doc: - Having config_id and version seems like an odd set of names. config_id appears to just be the ciphersuite being used in the protocol, and version is the ID of the current set of key commitments. - The supports field seems like it would always contain issue and redeem, is there a use case where an set of keys would only ever be used for one or the other? - The revoked scheme seems a bit weird (modifying previous keysets after the fact) and makes it hard to integrate with something like an append-only log. Wouldn't it be easier to just use to have a set of fields at the top level (under server_id) that list which keys are allowed to issue (always the newest key) and redeem (the current and previous keys). On Fri, Feb 21, 2020 at 12:15 PM Alex Davidson <adavidson= 40cloudflare.com@dmarc.ietf.org> wrote: > I’ve now pushed a WIP draft for the architecture > document (draft-davidson-pp-architecture) to the same repo ( > https://github.com/alxdavids/privacy-pass-ietf/tree/master/drafts). There > are a lot of TODOs still to address and I’m away for the next week, but I’m > going to pick it back up when I return. Still aiming to have something > submitted by the IETF 107 draft deadline on 9 March. > > The pp-protocol document is not currently very prescriptive about the data > formats of each of the types that are sent in protocol messages etc. This > is something that I am going to start addressing and, ideally, I’m going to > rewrite to be consistent with the TLS presentation language [RFC8446 > <https://tools.ietf.org/html/rfc8446>] for compiling everything into > standard formats (as it is also done in MLS, > https://tools.ietf.org/html/draft-ietf-mls-protocol-08). > > Both drafts are still at a very early stage and so all feedback and > contributions are very welcome (either here on the mailing list, or as > GitHub issues/PRs are fine). > > Alex > > On 12 Feb 2020, at 17:35, Alex Davidson <adavidson@cloudflare.com> wrote: > > Hi all, > > I’ve taken an initial stab at a draft for the generic protocol overview at > https://github.com/alxdavids/privacy-pass-ietf/blob/master/drafts/draft-davidson-pp-protocol/. > I refactored out most of the stuff from the existing draft-privacy-pass > doc. The biggest change is that I decided to go with a wrapper API around > the VOPRF API for constructing the protocol. I then provide a specific > implementation of this API using the VOPRF protocol. I think this will help > when devising extensions to the protocol as it will enable others to > either: modify the VOPRF API that is used, or to just modify the way that > the PP API is implemented altogether (in situations that may not use > VOPRFs, such as in the case of public verifiability). > > Some other things/questions to consider: > > - I avoided any of the discussions around the architecture required for > maintaining client privacy, this includes how key rotation works. I decided > that these considerations are beyond the scope of the generic protocol > description, but happy to hear contrasting opinions? > - The extension policy could probably do with some work. Since the privacy > considerations will be in a separate document, currently I am assuming that > any proposed extension satisfies the policies that will exist in each of > the core three documents. > - Is the proposed API suitable? Are there any concerns for potential > extensions using this API? > - I had to define some specific functionality for interacting with the > groups used in the VOPRF implementation. Perhaps these can be moved to the > VOPRF draft? > - The provision of the security guarantees are lifted from > https://petsymposium.org/2018/files/papers/issue3/popets-2018-0026.pdf > <https://petsymposium.org/2018/files/papers/issue3/popets-2018-0026..pdf> > and https://eprint.iacr.org/2020/072.pdf on the basis that the API > implements the same protocol when using the VOPRF from > draft-irtf-cfrg-voprf. This should probably be verified. > - There are some minor TODOs that need to be fixed, such as links to > non-existent drafts. > > I’ll start putting something together for the architecture document. > > Cheers, > Alex > > On 6 Feb 2020, at 17:41, Alex Davidson <adavidson@cloudflare.com> wrote: > > Hi Steven, > > On 6 Feb 2020, at 15:22, Steven Valdez < > svaldez=40google.com@dmarc.ietf.org> wrote: > > Yeah, it makes sense not to wait for the BoF to start iterating on initial > docs. Are you planning on putting the split document in a git repo > somewhere? Might make sense to set up a repo with all the base drafts in > one place as separate files (ala the QUIC WG) so that people can file > issues/PRs. > > > This is a good idea. I’ve repurposed the repo where I was hosting the > draft charter previously to also include a space for working on the drafts > here: https://github.com/alxdavids/privacy-pass-ietf/. I’ve placed the > original draft-privacy-pass document in the drafts/ folder there, and we > can use this space as a single location for contributing to these base > drafts. Once a WG is formed, we can move this repo into a specific WG repo. > > > I can take a stab at making a draft with a generic version of the > integrations from the Trust Token API as a starting point for the third > draft. I think fully specifying it will be dependent on the first two > drafts, but having a starting point to feedback into laying out the earlier > protocol/architecture descriptions would likely be useful for further > iterating on those drafts. > > > This would be helpful, thanks. > > Alex > > > -Steven > > On Thu, Feb 6, 2020 at 7:31 AM Alex Davidson <adavidson= > 40cloudflare.com@dmarc.ietf.org <40cloudflare..com@dmarc.ietf.org>> wrote: > >> Since there has been no more feedback on the charter that was proposed, I >> think that it may be useful to start work on drafting the three main >> documents that make up the protocol specification. Having some initial >> write-ups before the BoF @ IETF107 will also help to determine the agenda >> for the meeting if there any initial issues that arise from the writing >> process. >> >> These three documents should cover the following: >> >> - The generic description of the protocol, based on VOPRFs (or similar), >> including specification of security considerations, protocol messages and a >> framework for introducing extensions. >> - The wider architecture for running the protocol: public interfaces, key >> rotation, privacy goals, applications, analysis of tracking >> potential/incentives for not following protocol. >> - The API: specify how privacy pass data is integrated with HTTP >> requests/responses, and where key material is stored/how it is accessed. >> >> Currently there is a single draft document ( >> https://datatracker.ietf.org/doc/draft-privacy-pass/) that includes >> considerations mostly spanning from the first two documents (although it is >> also includes some key management specifics). I can start to split this >> document into two parts that could be used to initiate the process of >> writing the initial drafts covering the first two points. >> >> The third point is not well specified as of yet, but there are some >> applications such as the Trust Token API that integrate with HTTP already: >> https://github.com/WICG/trust-token-api. Perhaps the third document >> necessarily needs to succeed the first two? But if anyone would be willing >> to start working on this document also, then that would be useful. >> >> Alex >> -- >> Privacy-pass mailing list >> Privacy-pass@ietf.org >> https://www.ietf.org/mailman/listinfo/privacy-pass >> > > > -- > > Steven Valdez | Chrome Privacy Sandbox | svaldez@google.com | > 210-692-4742 <(210)%20692-4742> > > > > > -- Steven Valdez | Chrome Privacy Sandbox | svaldez@google.com | 210-692-4742
- [Privacy-pass] New drafts for IETF107 Alex Davidson
- Re: [Privacy-pass] New drafts for IETF107 Steven Valdez
- Re: [Privacy-pass] New drafts for IETF107 Alex Davidson
- Re: [Privacy-pass] New drafts for IETF107 Alex Davidson
- Re: [Privacy-pass] New drafts for IETF107 Alex Davidson
- Re: [Privacy-pass] New drafts for IETF107 Steven Valdez
- Re: [Privacy-pass] New drafts for IETF107 Alex Davidson
- Re: [Privacy-pass] New drafts for IETF107 Steven Valdez
- Re: [Privacy-pass] New drafts for IETF107 Alex Davidson
- Re: [Privacy-pass] New drafts for IETF107 Alex Davidson
- Re: [Privacy-pass] New drafts for IETF107 Sofía Celi
- Re: [Privacy-pass] New drafts for IETF107 Alex Davidson
- Re: [Privacy-pass] New drafts for IETF107 Sofía Celi
- Re: [Privacy-pass] New drafts for IETF107 Mariana Raykova
- Re: [Privacy-pass] New drafts for IETF107 Alex Davidson
- Re: [Privacy-pass] New drafts for IETF107 Mariana Raykova
- Re: [Privacy-pass] New drafts for IETF107 Steven Valdez