[Privacy-pass] Weekly github digest (Privacy Pass Working Group summary)
Repository Activity Summary Bot <do_not_reply@mnot.net> Sun, 18 September 2022 07:50 UTC
Return-Path: <do_not_reply@mnot.net>
X-Original-To: privacy-pass@ietfa.amsl.com
Delivered-To: privacy-pass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ABCCBC14CEFC for <privacy-pass@ietfa.amsl.com>; Sun, 18 Sep 2022 00:50:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.405
X-Spam-Level:
X-Spam-Status: No, score=-2.405 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_INVALID=0.1, DKIM_SIGNED=0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=fail (2048-bit key) reason="fail (message has been altered)" header.d=mnot.net header.b=PXC1fMzd; dkim=fail (2048-bit key) reason="fail (message has been altered)" header.d=messagingengine.com header.b=n7IVwt6b
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0KdbgaC254ry for <privacy-pass@ietfa.amsl.com>; Sun, 18 Sep 2022 00:50:47 -0700 (PDT)
Received: from out4-smtp.messagingengine.com (out4-smtp.messagingengine.com [66.111.4.28]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 41190C14CF06 for <privacy-pass@ietf.org>; Sun, 18 Sep 2022 00:50:47 -0700 (PDT)
Received: from compute2.internal (compute2.nyi.internal [10.202.2.46]) by mailout.nyi.internal (Postfix) with ESMTP id 29E5F5C0359 for <privacy-pass@ietf.org>; Sun, 18 Sep 2022 03:41:41 -0400 (EDT)
Received: from mailfrontend2 ([10.202.2.163]) by compute2.internal (MEProxy); Sun, 18 Sep 2022 03:41:41 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mnot.net; h=cc :content-type:date:from:from:in-reply-to:mime-version:reply-to :sender:subject:subject:to:to; s=fm3; t=1663486901; x= 1663573301; bh=A2vUkJmGQPTaq5Egej5q/P1RvJ4t7zqQ/A1V8OIUhCE=; b=P XC1fMzd08+hwv5fuFOsSYP8KeQCtV4/zWx9jH+fPwAM42NCYgpZeJ0+ccLSiogYL +OSPOWJgAYDS0RHZzr9p8Qou0ZjUFWpnTY15DUwQx6FI6rQ6UIYxe3YHLIyqpFlX tvQoWbC0KfUpkoSF8WiPuUCo3lWP7cA79yxJ+UmAsjXoed7VPqiplYpYmfVNU3d1 o1nh5KyjKOYCF/jb+a8rE0R5TOuo+c/p+2R/vrm/G54oQRRW6LdRk47aY2o6f7Um uhCml/y93+hRjivC95K9dNC/CLLZQQ5wDRP34bzOWFWXaO+3Ew/c3mn7kIj5XnUi asszDKtp/FzVaN7Pd2CrA==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:date:feedback-id :feedback-id:from:from:in-reply-to:mime-version:reply-to:sender :subject:subject:to:to:x-me-proxy:x-me-proxy:x-me-sender :x-me-sender:x-sasl-enc; s=fm2; t=1663486901; x=1663573301; bh=A 2vUkJmGQPTaq5Egej5q/P1RvJ4t7zqQ/A1V8OIUhCE=; b=n7IVwt6bcxLLXbdH+ GY6n6remH/PlowZ0e8QVeaGV3/DpQe9cbyw/HOsRiZvTc7qqhM/o/pLhMVcKXUdq fY4xEt0wLffiGUEw7LXJwRdjq1SF+T+qeTJW6CUS5U3g1bmuBeLy1PXD9zcHz7+8 KwHmxna/Q1yhzI96psCBwtfS9odUnfQplIvU1bed72Yz+1qW48tya3n/ZVr2XcRl mFfPUQF6DnBjV3iEX3jk4OZQSaO2GAzZBwyBF6j0HA3ra+6mcSeYDfuPNkvxPh/V y2ni4JS8Uva/1oBjiZQ/2/X4P58K6N44oQnOdd+hXzLMsg6Cd1rNlBE6P2ZlGaXZ mdPag==
X-ME-Sender: <xms:tcsmY6ZRR2H2R7QzGwb9LfVQjBIfx5fGTsbcTlcptBWXlipHhpNgiQ> <xme:tcsmY9YDt_8oyqYPDFTerfCQ7Fu0tzGuMXuI6lcbzvaz2eAw6WhzF0bfHBKGBYNyd cReLW38RWgRdYdV0A>
X-ME-Received: <xmr:tcsmY08-B2OMZbZBghIi3rp9jN7V5NTUljL96X65BlspcGoiWfEN-aJB76FHWbTUOqeyp3fKjbVCgKvGSYGQBBghXgqHhUrA-WZzRPwekPkm5S7KNmyxIEgPLD41sHVfkQ>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvfedrfedvgedgfeduucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucfpohcuuggrthgvuchfihgvlhguucdlgeelmdenuc fjughrpegtggfhvffusegrtddtredttdejnecuhfhrohhmpeftvghpohhsihhtohhrhicu tegtthhivhhithihucfuuhhmmhgrrhihuceuohhtuceoughopghnohhtpghrvghplhihse hmnhhothdrnhgvtheqnecuggftrfgrthhtvghrnhepkeefvdduteejvdefkeehieevuefg fefhteetveegffekffefteffvdelheduieetnecuffhomhgrihhnpehgihhthhhusgdrtg homhenucevlhhushhtvghrufhiiigvpedunecurfgrrhgrmhepmhgrihhlfhhrohhmpegu ohgpnhhothgprhgvphhlhiesmhhnohhtrdhnvght
X-ME-Proxy: <xmx:tcsmY8rtx-PdRletaCJy2GOw11_Ciy_Wg6Z-rT8CYgPQ3DMIYnoQzQ> <xmx:tcsmY1p_Pzo5IyFUlGqj6XRLVcm1_1hioyLN0qMLcO2jSs-fXjrLcA> <xmx:tcsmY6SxUs3Z027GrPLtSqK2ooehC9Y5Tfm4WsjWAXmDUS-ae5JJsA> <xmx:tcsmY3Gbq4mZ2SpmuY0I6f06F8kzi0Na_u3jkZ6zQFLeZx3zFsn92g>
Feedback-ID: i1c3946f2:Fastmail
Received: by mail.messagingengine.com (Postfix) with ESMTPA for <privacy-pass@ietf.org>; Sun, 18 Sep 2022 03:41:40 -0400 (EDT)
Content-Type: multipart/alternative; boundary="===============9173812208513148956=="
MIME-Version: 1.0
From: Repository Activity Summary Bot <do_not_reply@mnot.net>
To: privacy-pass@ietf.org
Message-Id: <20220918075047.41190C14CF06@ietfa.amsl.com>
Date: Sun, 18 Sep 2022 00:50:47 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/privacy-pass/xElCJr-4skRsKRSEQ_RGUhiS7Ig>
Subject: [Privacy-pass] Weekly github digest (Privacy Pass Working Group summary)
X-BeenThere: privacy-pass@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Privacy Pass Protocol <privacy-pass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/privacy-pass>, <mailto:privacy-pass-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/privacy-pass/>
List-Post: <mailto:privacy-pass@ietf.org>
List-Help: <mailto:privacy-pass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/privacy-pass>, <mailto:privacy-pass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 18 Sep 2022 07:50:51 -0000
Issues
------
* ietf-wg-privacypass/base-drafts (+19/-25/đź’¬19)
19 issues created:
- Arch: timing correlation (by nikitaborisov)
https://github.com/ietf-wg-privacypass/base-drafts/issues/191
- Arch: non-collusion assumption & threat model (by nikitaborisov)
https://github.com/ietf-wg-privacypass/base-drafts/issues/190
- Arch: joint Attester and Origin (by nikitaborisov)
https://github.com/ietf-wg-privacypass/base-drafts/issues/189
- Arch: s3.2 client private input (by nikitaborisov)
https://github.com/ietf-wg-privacypass/base-drafts/issues/188
- Arch: s3.1 transitive trust in attester—clarification (by nikitaborisov)
https://github.com/ietf-wg-privacypass/base-drafts/issues/187
- Arch: more thoughts on unlinkability (by nikitaborisov)
https://github.com/ietf-wg-privacypass/base-drafts/issues/186
- Arch: s3.2 Input secrecy does not imply unlinkability (by nikitaborisov)
https://github.com/ietf-wg-privacypass/base-drafts/issues/185
- Arch: S3.2.2.2 only one privacy key (by nikitaborisov)
https://github.com/ietf-wg-privacypass/base-drafts/issues/180
- Arch S3.2: Unconditional input secrecy (by nikitaborisov)
https://github.com/ietf-wg-privacypass/base-drafts/issues/179
- Arch: Abstract is very... abstract. (by mnot)
https://github.com/ietf-wg-privacypass/base-drafts/issues/175
- Arch: Relationship to HTTP (by mnot)
https://github.com/ietf-wg-privacypass/base-drafts/issues/174
- What is an 'architectural framework'? (by mnot)
https://github.com/ietf-wg-privacypass/base-drafts/issues/173
- Arch: s.6.1: Threat model for Token exhaustion (by cjpatton)
https://github.com/ietf-wg-privacypass/base-drafts/issues/171
- Arch: s.5.3.1.1: Who is the verifier (by cjpatton)
https://github.com/ietf-wg-privacypass/base-drafts/issues/170
- Arch: s.5.3: Meaning of "distribution of Issuer trust" (by cjpatton)
https://github.com/ietf-wg-privacypass/base-drafts/issues/169
- Arch: Nit: Inconsistent capitalization of "Issuance protocol" (by cjpatton)
https://github.com/ietf-wg-privacypass/base-drafts/issues/168
- Arch: s.3.2.1: SHOULD versus should (by cjpatton)
https://github.com/ietf-wg-privacypass/base-drafts/issues/167
- Arch: Section 3.2: Concurrent security (by cjpatton)
https://github.com/ietf-wg-privacypass/base-drafts/issues/166
- Architecture draft: Section 3.1: Meaning of "cross-origin" (by cjpatton)
https://github.com/ietf-wg-privacypass/base-drafts/issues/165
15 issues received 19 new comments:
- #191 Arch: timing correlation (1 by chris-wood)
https://github.com/ietf-wg-privacypass/base-drafts/issues/191
- #190 Arch: non-collusion assumption & threat model (1 by chris-wood)
https://github.com/ietf-wg-privacypass/base-drafts/issues/190
- #189 Arch: joint Attester and Origin (1 by chris-wood)
https://github.com/ietf-wg-privacypass/base-drafts/issues/189
- #188 Arch: s3.2 client private input (1 by chris-wood)
https://github.com/ietf-wg-privacypass/base-drafts/issues/188
- #187 Arch: s3.1 transitive trust in attester—clarification (1 by chris-wood)
https://github.com/ietf-wg-privacypass/base-drafts/issues/187
- #186 Arch: more thoughts on unlinkability (1 by chris-wood)
https://github.com/ietf-wg-privacypass/base-drafts/issues/186
- #185 Arch: s3.2 Input secrecy does not imply unlinkability (1 by chris-wood)
https://github.com/ietf-wg-privacypass/base-drafts/issues/185
- #179 Arch S3.2: Unconditional input secrecy (5 by chris-wood, nikitaborisov)
https://github.com/ietf-wg-privacypass/base-drafts/issues/179
- #169 Arch: s.5.3: Meaning of "distribution of Issuer trust" (1 by chris-wood)
https://github.com/ietf-wg-privacypass/base-drafts/issues/169
- #163 Architecture: Security considerations nit (1 by chris-wood)
https://github.com/ietf-wg-privacypass/base-drafts/issues/163
- #162 Architecture: Key rotation recommendations don't depend on number and frequency of client interactions? (1 by chris-wood)
https://github.com/ietf-wg-privacypass/base-drafts/issues/162
- #160 Architecture nit: RFC 2119 keywords in section 3 (1 by chris-wood)
https://github.com/ietf-wg-privacypass/base-drafts/issues/160
- #157 Architecture: Security considerations (1 by chris-wood)
https://github.com/ietf-wg-privacypass/base-drafts/issues/157 [architecture]
- #155 Cross-origin MUST NOT (1 by chris-wood)
https://github.com/ietf-wg-privacypass/base-drafts/issues/155 [architecture]
- #152 Add token_key_id truncation rationale (1 by chris-wood)
https://github.com/ietf-wg-privacypass/base-drafts/issues/152
25 issues closed:
- Add token_key_id truncation rationale https://github.com/ietf-wg-privacypass/base-drafts/issues/152
- token_key_id is both truncated and not truncated https://github.com/ietf-wg-privacypass/base-drafts/issues/151
- Arch S3.2: Unconditional input secrecy https://github.com/ietf-wg-privacypass/base-drafts/issues/179
- Arch: S3.2.2.2 only one privacy key https://github.com/ietf-wg-privacypass/base-drafts/issues/180
- Architecture: One protocol or two? https://github.com/ietf-wg-privacypass/base-drafts/issues/153 [architecture] [editorial]
- Architecture: Origin definition https://github.com/ietf-wg-privacypass/base-drafts/issues/154 [architecture]
- Cross-origin MUST NOT https://github.com/ietf-wg-privacypass/base-drafts/issues/155 [architecture]
- Architecture: Forward reference for split model, etc. https://github.com/ietf-wg-privacypass/base-drafts/issues/156 [architecture]
- Architecture: Who does what and definition of "Client" in the introduction https://github.com/ietf-wg-privacypass/base-drafts/issues/158
- Architecture: Consistency in order and diagrams for redemption protocol vs. issuance protocol https://github.com/ietf-wg-privacypass/base-drafts/issues/159
- Architecture nit: RFC 2119 keywords in section 3 https://github.com/ietf-wg-privacypass/base-drafts/issues/160
- Architecture: Extension/issuer protocol requirements for privacy impact analysis https://github.com/ietf-wg-privacypass/base-drafts/issues/161
- Architecture: Key rotation recommendations don't depend on number and frequency of client interactions? https://github.com/ietf-wg-privacypass/base-drafts/issues/162
- Arch: s.3.1: Meaning of "cross-origin" https://github.com/ietf-wg-privacypass/base-drafts/issues/165
- Arch: s.3.2: Concurrent security https://github.com/ietf-wg-privacypass/base-drafts/issues/166
- Arch: s.3.2.1: SHOULD versus should https://github.com/ietf-wg-privacypass/base-drafts/issues/167
- Arch: Nit: Inconsistent capitalization https://github.com/ietf-wg-privacypass/base-drafts/issues/168
- Arch: s.5.3: Meaning of "distribution of Issuer trust" https://github.com/ietf-wg-privacypass/base-drafts/issues/169
- Arch: s.5.3.1: Who is the verifier https://github.com/ietf-wg-privacypass/base-drafts/issues/170
- Arch: s.6.1: Threat model for Token exhaustion https://github.com/ietf-wg-privacypass/base-drafts/issues/171
- What is an 'architectural framework'? https://github.com/ietf-wg-privacypass/base-drafts/issues/173
- Arch: Relationship to HTTP https://github.com/ietf-wg-privacypass/base-drafts/issues/174
- Arch: Abstract is very... abstract. https://github.com/ietf-wg-privacypass/base-drafts/issues/175
- Architecture: Security considerations https://github.com/ietf-wg-privacypass/base-drafts/issues/157 [architecture]
- Architecture: Security considerations nit https://github.com/ietf-wg-privacypass/base-drafts/issues/163
Pull requests
-------------
* ietf-wg-privacypass/base-drafts (+13/-7/đź’¬5)
13 pull requests submitted:
- Add section on timing attacks (by chris-wood)
https://github.com/ietf-wg-privacypass/base-drafts/pull/196
- Clarify non-collusion requirements (by chris-wood)
https://github.com/ietf-wg-privacypass/base-drafts/pull/195
- Clarify issuance protocol input (by chris-wood)
https://github.com/ietf-wg-privacypass/base-drafts/pull/194
- Clarify transitive trust in attesters (by chris-wood)
https://github.com/ietf-wg-privacypass/base-drafts/pull/193
- Remove unlinkability implication from issuance secrecy (by chris-wood)
https://github.com/ietf-wg-privacypass/base-drafts/pull/192
- Clarify token key ID truncation (by chris-wood)
https://github.com/ietf-wg-privacypass/base-drafts/pull/184
- Clarify truncated key id in the TokenRequest message (by chris-wood)
https://github.com/ietf-wg-privacypass/base-drafts/pull/183
- Clarify unconditional input secrecy (by chris-wood)
https://github.com/ietf-wg-privacypass/base-drafts/pull/182
- Consolidate key rotation content (by chris-wood)
https://github.com/ietf-wg-privacypass/base-drafts/pull/181
- Not an architectural framework (by chris-wood)
https://github.com/ietf-wg-privacypass/base-drafts/pull/178
- Apply cjpatton's edits (by chris-wood)
https://github.com/ietf-wg-privacypass/base-drafts/pull/177
- Editorial pass rebase (by chris-wood)
https://github.com/ietf-wg-privacypass/base-drafts/pull/176
- Editorial changes (by cjpatton)
https://github.com/ietf-wg-privacypass/base-drafts/pull/172
4 pull requests received 5 new comments:
- #182 Clarify unconditional input secrecy (1 by nikitaborisov)
https://github.com/ietf-wg-privacypass/base-drafts/pull/182
- #178 Not an architectural framework (1 by chris-wood)
https://github.com/ietf-wg-privacypass/base-drafts/pull/178
- #172 Editorial changes (2 by chris-wood, cjpatton)
https://github.com/ietf-wg-privacypass/base-drafts/pull/172
- #164 Editorial nits found during WGLC review (1 by chris-wood)
https://github.com/ietf-wg-privacypass/base-drafts/pull/164
7 pull requests merged:
- Clarify truncated key id in the TokenRequest message
https://github.com/ietf-wg-privacypass/base-drafts/pull/183
- Clarify token key ID truncation
https://github.com/ietf-wg-privacypass/base-drafts/pull/184
- Clarify unconditional input secrecy
https://github.com/ietf-wg-privacypass/base-drafts/pull/182
- Consolidate key rotation content
https://github.com/ietf-wg-privacypass/base-drafts/pull/181
- Address WGLC review issues
https://github.com/ietf-wg-privacypass/base-drafts/pull/178
- Apply cjpatton's edits
https://github.com/ietf-wg-privacypass/base-drafts/pull/177
- Editorial nits found during WGLC review
https://github.com/ietf-wg-privacypass/base-drafts/pull/164
Repositories tracked by this digest:
-----------------------------------
* https://github.com/ietf-wg-privacypass/base-drafts
- [Privacy-pass] Weekly github digest (Privacy Pass… Repository Activity Summary Bot