[Privacy-pass] Weekly github digest (Privacy Pass Working Group summary)
Repository Activity Summary Bot <do_not_reply@mnot.net> Sun, 18 September 2022 07:50 UTC
Return-Path: <do_not_reply@mnot.net>
X-Original-To: privacy-pass@ietfa.amsl.com
Delivered-To: privacy-pass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ABCCBC14CEFC for <privacy-pass@ietfa.amsl.com>; Sun, 18 Sep 2022 00:50:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.405
X-Spam-Level:
X-Spam-Status: No, score=-2.405 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_INVALID=0.1, DKIM_SIGNED=0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=fail (2048-bit key) reason="fail (message has been altered)" header.d=mnot.net header.b=PXC1fMzd; dkim=fail (2048-bit key) reason="fail (message has been altered)" header.d=messagingengine.com header.b=n7IVwt6b
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0KdbgaC254ry for <privacy-pass@ietfa.amsl.com>; Sun, 18 Sep 2022 00:50:47 -0700 (PDT)
Received: from out4-smtp.messagingengine.com (out4-smtp.messagingengine.com [66.111.4.28]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 41190C14CF06 for <privacy-pass@ietf.org>; Sun, 18 Sep 2022 00:50:47 -0700 (PDT)
Received: from compute2.internal (compute2.nyi.internal [10.202.2.46]) by mailout.nyi.internal (Postfix) with ESMTP id 29E5F5C0359 for <privacy-pass@ietf.org>; Sun, 18 Sep 2022 03:41:41 -0400 (EDT)
Received: from mailfrontend2 ([10.202.2.163]) by compute2.internal (MEProxy); Sun, 18 Sep 2022 03:41:41 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mnot.net; h=cc :content-type:date:from:from:in-reply-to:mime-version:reply-to :sender:subject:subject:to:to; s=fm3; t=1663486901; x= 1663573301; bh=A2vUkJmGQPTaq5Egej5q/P1RvJ4t7zqQ/A1V8OIUhCE=; b=P XC1fMzd08+hwv5fuFOsSYP8KeQCtV4/zWx9jH+fPwAM42NCYgpZeJ0+ccLSiogYL +OSPOWJgAYDS0RHZzr9p8Qou0ZjUFWpnTY15DUwQx6FI6rQ6UIYxe3YHLIyqpFlX tvQoWbC0KfUpkoSF8WiPuUCo3lWP7cA79yxJ+UmAsjXoed7VPqiplYpYmfVNU3d1 o1nh5KyjKOYCF/jb+a8rE0R5TOuo+c/p+2R/vrm/G54oQRRW6LdRk47aY2o6f7Um uhCml/y93+hRjivC95K9dNC/CLLZQQ5wDRP34bzOWFWXaO+3Ew/c3mn7kIj5XnUi asszDKtp/FzVaN7Pd2CrA==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:date:feedback-id :feedback-id:from:from:in-reply-to:mime-version:reply-to:sender :subject:subject:to:to:x-me-proxy:x-me-proxy:x-me-sender :x-me-sender:x-sasl-enc; s=fm2; t=1663486901; x=1663573301; bh=A 2vUkJmGQPTaq5Egej5q/P1RvJ4t7zqQ/A1V8OIUhCE=; b=n7IVwt6bcxLLXbdH+ GY6n6remH/PlowZ0e8QVeaGV3/DpQe9cbyw/HOsRiZvTc7qqhM/o/pLhMVcKXUdq fY4xEt0wLffiGUEw7LXJwRdjq1SF+T+qeTJW6CUS5U3g1bmuBeLy1PXD9zcHz7+8 KwHmxna/Q1yhzI96psCBwtfS9odUnfQplIvU1bed72Yz+1qW48tya3n/ZVr2XcRl mFfPUQF6DnBjV3iEX3jk4OZQSaO2GAzZBwyBF6j0HA3ra+6mcSeYDfuPNkvxPh/V y2ni4JS8Uva/1oBjiZQ/2/X4P58K6N44oQnOdd+hXzLMsg6Cd1rNlBE6P2ZlGaXZ mdPag==
X-ME-Sender: <xms:tcsmY6ZRR2H2R7QzGwb9LfVQjBIfx5fGTsbcTlcptBWXlipHhpNgiQ> <xme:tcsmY9YDt_8oyqYPDFTerfCQ7Fu0tzGuMXuI6lcbzvaz2eAw6WhzF0bfHBKGBYNyd cReLW38RWgRdYdV0A>
X-ME-Received: <xmr:tcsmY08-B2OMZbZBghIi3rp9jN7V5NTUljL96X65BlspcGoiWfEN-aJB76FHWbTUOqeyp3fKjbVCgKvGSYGQBBghXgqHhUrA-WZzRPwekPkm5S7KNmyxIEgPLD41sHVfkQ>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvfedrfedvgedgfeduucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucfpohcuuggrthgvuchfihgvlhguucdlgeelmdenuc fjughrpegtggfhvffusegrtddtredttdejnecuhfhrohhmpeftvghpohhsihhtohhrhicu tegtthhivhhithihucfuuhhmmhgrrhihuceuohhtuceoughopghnohhtpghrvghplhihse hmnhhothdrnhgvtheqnecuggftrfgrthhtvghrnhepkeefvdduteejvdefkeehieevuefg fefhteetveegffekffefteffvdelheduieetnecuffhomhgrihhnpehgihhthhhusgdrtg homhenucevlhhushhtvghrufhiiigvpedunecurfgrrhgrmhepmhgrihhlfhhrohhmpegu ohgpnhhothgprhgvphhlhiesmhhnohhtrdhnvght
X-ME-Proxy: <xmx:tcsmY8rtx-PdRletaCJy2GOw11_Ciy_Wg6Z-rT8CYgPQ3DMIYnoQzQ> <xmx:tcsmY1p_Pzo5IyFUlGqj6XRLVcm1_1hioyLN0qMLcO2jSs-fXjrLcA> <xmx:tcsmY6SxUs3Z027GrPLtSqK2ooehC9Y5Tfm4WsjWAXmDUS-ae5JJsA> <xmx:tcsmY3Gbq4mZ2SpmuY0I6f06F8kzi0Na_u3jkZ6zQFLeZx3zFsn92g>
Feedback-ID: i1c3946f2:Fastmail
Received: by mail.messagingengine.com (Postfix) with ESMTPA for <privacy-pass@ietf.org>; Sun, 18 Sep 2022 03:41:40 -0400 (EDT)
Content-Type: multipart/alternative; boundary="===============9173812208513148956=="
MIME-Version: 1.0
From: Repository Activity Summary Bot <do_not_reply@mnot.net>
To: privacy-pass@ietf.org
Message-Id: <20220918075047.41190C14CF06@ietfa.amsl.com>
Date: Sun, 18 Sep 2022 00:50:47 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/privacy-pass/xElCJr-4skRsKRSEQ_RGUhiS7Ig>
Subject: [Privacy-pass] Weekly github digest (Privacy Pass Working Group summary)
X-BeenThere: privacy-pass@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Privacy Pass Protocol <privacy-pass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/privacy-pass>, <mailto:privacy-pass-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/privacy-pass/>
List-Post: <mailto:privacy-pass@ietf.org>
List-Help: <mailto:privacy-pass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/privacy-pass>, <mailto:privacy-pass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 18 Sep 2022 07:50:51 -0000
Issues ------ * ietf-wg-privacypass/base-drafts (+19/-25/💬19) 19 issues created: - Arch: timing correlation (by nikitaborisov) https://github.com/ietf-wg-privacypass/base-drafts/issues/191 - Arch: non-collusion assumption & threat model (by nikitaborisov) https://github.com/ietf-wg-privacypass/base-drafts/issues/190 - Arch: joint Attester and Origin (by nikitaborisov) https://github.com/ietf-wg-privacypass/base-drafts/issues/189 - Arch: s3.2 client private input (by nikitaborisov) https://github.com/ietf-wg-privacypass/base-drafts/issues/188 - Arch: s3.1 transitive trust in attester—clarification (by nikitaborisov) https://github.com/ietf-wg-privacypass/base-drafts/issues/187 - Arch: more thoughts on unlinkability (by nikitaborisov) https://github.com/ietf-wg-privacypass/base-drafts/issues/186 - Arch: s3.2 Input secrecy does not imply unlinkability (by nikitaborisov) https://github.com/ietf-wg-privacypass/base-drafts/issues/185 - Arch: S3.2.2.2 only one privacy key (by nikitaborisov) https://github.com/ietf-wg-privacypass/base-drafts/issues/180 - Arch S3.2: Unconditional input secrecy (by nikitaborisov) https://github.com/ietf-wg-privacypass/base-drafts/issues/179 - Arch: Abstract is very... abstract. (by mnot) https://github.com/ietf-wg-privacypass/base-drafts/issues/175 - Arch: Relationship to HTTP (by mnot) https://github.com/ietf-wg-privacypass/base-drafts/issues/174 - What is an 'architectural framework'? (by mnot) https://github.com/ietf-wg-privacypass/base-drafts/issues/173 - Arch: s.6.1: Threat model for Token exhaustion (by cjpatton) https://github.com/ietf-wg-privacypass/base-drafts/issues/171 - Arch: s.5.3.1.1: Who is the verifier (by cjpatton) https://github.com/ietf-wg-privacypass/base-drafts/issues/170 - Arch: s.5.3: Meaning of "distribution of Issuer trust" (by cjpatton) https://github.com/ietf-wg-privacypass/base-drafts/issues/169 - Arch: Nit: Inconsistent capitalization of "Issuance protocol" (by cjpatton) https://github.com/ietf-wg-privacypass/base-drafts/issues/168 - Arch: s.3.2.1: SHOULD versus should (by cjpatton) https://github.com/ietf-wg-privacypass/base-drafts/issues/167 - Arch: Section 3.2: Concurrent security (by cjpatton) https://github.com/ietf-wg-privacypass/base-drafts/issues/166 - Architecture draft: Section 3.1: Meaning of "cross-origin" (by cjpatton) https://github.com/ietf-wg-privacypass/base-drafts/issues/165 15 issues received 19 new comments: - #191 Arch: timing correlation (1 by chris-wood) https://github.com/ietf-wg-privacypass/base-drafts/issues/191 - #190 Arch: non-collusion assumption & threat model (1 by chris-wood) https://github.com/ietf-wg-privacypass/base-drafts/issues/190 - #189 Arch: joint Attester and Origin (1 by chris-wood) https://github.com/ietf-wg-privacypass/base-drafts/issues/189 - #188 Arch: s3.2 client private input (1 by chris-wood) https://github.com/ietf-wg-privacypass/base-drafts/issues/188 - #187 Arch: s3.1 transitive trust in attester—clarification (1 by chris-wood) https://github.com/ietf-wg-privacypass/base-drafts/issues/187 - #186 Arch: more thoughts on unlinkability (1 by chris-wood) https://github.com/ietf-wg-privacypass/base-drafts/issues/186 - #185 Arch: s3.2 Input secrecy does not imply unlinkability (1 by chris-wood) https://github.com/ietf-wg-privacypass/base-drafts/issues/185 - #179 Arch S3.2: Unconditional input secrecy (5 by chris-wood, nikitaborisov) https://github.com/ietf-wg-privacypass/base-drafts/issues/179 - #169 Arch: s.5.3: Meaning of "distribution of Issuer trust" (1 by chris-wood) https://github.com/ietf-wg-privacypass/base-drafts/issues/169 - #163 Architecture: Security considerations nit (1 by chris-wood) https://github.com/ietf-wg-privacypass/base-drafts/issues/163 - #162 Architecture: Key rotation recommendations don't depend on number and frequency of client interactions? (1 by chris-wood) https://github.com/ietf-wg-privacypass/base-drafts/issues/162 - #160 Architecture nit: RFC 2119 keywords in section 3 (1 by chris-wood) https://github.com/ietf-wg-privacypass/base-drafts/issues/160 - #157 Architecture: Security considerations (1 by chris-wood) https://github.com/ietf-wg-privacypass/base-drafts/issues/157 [architecture] - #155 Cross-origin MUST NOT (1 by chris-wood) https://github.com/ietf-wg-privacypass/base-drafts/issues/155 [architecture] - #152 Add token_key_id truncation rationale (1 by chris-wood) https://github.com/ietf-wg-privacypass/base-drafts/issues/152 25 issues closed: - Add token_key_id truncation rationale https://github.com/ietf-wg-privacypass/base-drafts/issues/152 - token_key_id is both truncated and not truncated https://github.com/ietf-wg-privacypass/base-drafts/issues/151 - Arch S3.2: Unconditional input secrecy https://github.com/ietf-wg-privacypass/base-drafts/issues/179 - Arch: S3.2.2.2 only one privacy key https://github.com/ietf-wg-privacypass/base-drafts/issues/180 - Architecture: One protocol or two? https://github.com/ietf-wg-privacypass/base-drafts/issues/153 [architecture] [editorial] - Architecture: Origin definition https://github.com/ietf-wg-privacypass/base-drafts/issues/154 [architecture] - Cross-origin MUST NOT https://github.com/ietf-wg-privacypass/base-drafts/issues/155 [architecture] - Architecture: Forward reference for split model, etc. https://github.com/ietf-wg-privacypass/base-drafts/issues/156 [architecture] - Architecture: Who does what and definition of "Client" in the introduction https://github.com/ietf-wg-privacypass/base-drafts/issues/158 - Architecture: Consistency in order and diagrams for redemption protocol vs. issuance protocol https://github.com/ietf-wg-privacypass/base-drafts/issues/159 - Architecture nit: RFC 2119 keywords in section 3 https://github.com/ietf-wg-privacypass/base-drafts/issues/160 - Architecture: Extension/issuer protocol requirements for privacy impact analysis https://github.com/ietf-wg-privacypass/base-drafts/issues/161 - Architecture: Key rotation recommendations don't depend on number and frequency of client interactions? https://github.com/ietf-wg-privacypass/base-drafts/issues/162 - Arch: s.3.1: Meaning of "cross-origin" https://github.com/ietf-wg-privacypass/base-drafts/issues/165 - Arch: s.3.2: Concurrent security https://github.com/ietf-wg-privacypass/base-drafts/issues/166 - Arch: s.3.2.1: SHOULD versus should https://github.com/ietf-wg-privacypass/base-drafts/issues/167 - Arch: Nit: Inconsistent capitalization https://github.com/ietf-wg-privacypass/base-drafts/issues/168 - Arch: s.5.3: Meaning of "distribution of Issuer trust" https://github.com/ietf-wg-privacypass/base-drafts/issues/169 - Arch: s.5.3.1: Who is the verifier https://github.com/ietf-wg-privacypass/base-drafts/issues/170 - Arch: s.6.1: Threat model for Token exhaustion https://github.com/ietf-wg-privacypass/base-drafts/issues/171 - What is an 'architectural framework'? https://github.com/ietf-wg-privacypass/base-drafts/issues/173 - Arch: Relationship to HTTP https://github.com/ietf-wg-privacypass/base-drafts/issues/174 - Arch: Abstract is very... abstract. https://github.com/ietf-wg-privacypass/base-drafts/issues/175 - Architecture: Security considerations https://github.com/ietf-wg-privacypass/base-drafts/issues/157 [architecture] - Architecture: Security considerations nit https://github.com/ietf-wg-privacypass/base-drafts/issues/163 Pull requests ------------- * ietf-wg-privacypass/base-drafts (+13/-7/💬5) 13 pull requests submitted: - Add section on timing attacks (by chris-wood) https://github.com/ietf-wg-privacypass/base-drafts/pull/196 - Clarify non-collusion requirements (by chris-wood) https://github.com/ietf-wg-privacypass/base-drafts/pull/195 - Clarify issuance protocol input (by chris-wood) https://github.com/ietf-wg-privacypass/base-drafts/pull/194 - Clarify transitive trust in attesters (by chris-wood) https://github.com/ietf-wg-privacypass/base-drafts/pull/193 - Remove unlinkability implication from issuance secrecy (by chris-wood) https://github.com/ietf-wg-privacypass/base-drafts/pull/192 - Clarify token key ID truncation (by chris-wood) https://github.com/ietf-wg-privacypass/base-drafts/pull/184 - Clarify truncated key id in the TokenRequest message (by chris-wood) https://github.com/ietf-wg-privacypass/base-drafts/pull/183 - Clarify unconditional input secrecy (by chris-wood) https://github.com/ietf-wg-privacypass/base-drafts/pull/182 - Consolidate key rotation content (by chris-wood) https://github.com/ietf-wg-privacypass/base-drafts/pull/181 - Not an architectural framework (by chris-wood) https://github.com/ietf-wg-privacypass/base-drafts/pull/178 - Apply cjpatton's edits (by chris-wood) https://github.com/ietf-wg-privacypass/base-drafts/pull/177 - Editorial pass rebase (by chris-wood) https://github.com/ietf-wg-privacypass/base-drafts/pull/176 - Editorial changes (by cjpatton) https://github.com/ietf-wg-privacypass/base-drafts/pull/172 4 pull requests received 5 new comments: - #182 Clarify unconditional input secrecy (1 by nikitaborisov) https://github.com/ietf-wg-privacypass/base-drafts/pull/182 - #178 Not an architectural framework (1 by chris-wood) https://github.com/ietf-wg-privacypass/base-drafts/pull/178 - #172 Editorial changes (2 by chris-wood, cjpatton) https://github.com/ietf-wg-privacypass/base-drafts/pull/172 - #164 Editorial nits found during WGLC review (1 by chris-wood) https://github.com/ietf-wg-privacypass/base-drafts/pull/164 7 pull requests merged: - Clarify truncated key id in the TokenRequest message https://github.com/ietf-wg-privacypass/base-drafts/pull/183 - Clarify token key ID truncation https://github.com/ietf-wg-privacypass/base-drafts/pull/184 - Clarify unconditional input secrecy https://github.com/ietf-wg-privacypass/base-drafts/pull/182 - Consolidate key rotation content https://github.com/ietf-wg-privacypass/base-drafts/pull/181 - Address WGLC review issues https://github.com/ietf-wg-privacypass/base-drafts/pull/178 - Apply cjpatton's edits https://github.com/ietf-wg-privacypass/base-drafts/pull/177 - Editorial nits found during WGLC review https://github.com/ietf-wg-privacypass/base-drafts/pull/164 Repositories tracked by this digest: ----------------------------------- * https://github.com/ietf-wg-privacypass/base-drafts
- [Privacy-pass] Weekly github digest (Privacy Pass… Repository Activity Summary Bot