IETF Logo Mail Archive

Re: [Privacy-pass] Working group last Call for batched Tokens

Raphael Robert <ietf@raphaelrobert.com> Mon, 08 April 2024 19:10 UTC

Return-Path: <ietf@raphaelrobert.com>
X-Original-To: privacy-pass@ietfa.amsl.com
Delivered-To: privacy-pass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B5F2AC151545 for <privacy-pass@ietfa.amsl.com>; Mon, 8 Apr 2024 12:10:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.095
X-Spam-Level:
X-Spam-Status: No, score=-2.095 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=raphaelrobert.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BFqev-RS-y20 for <privacy-pass@ietfa.amsl.com>; Mon, 8 Apr 2024 12:10:46 -0700 (PDT)
Received: from mail-ej1-x62c.google.com (mail-ej1-x62c.google.com [IPv6:2a00:1450:4864:20::62c]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8019CC14CEE4 for <privacy-pass@ietf.org>; Mon, 8 Apr 2024 12:10:46 -0700 (PDT)
Received: by mail-ej1-x62c.google.com with SMTP id a640c23a62f3a-a519eae91d1so441346566b.3 for <privacy-pass@ietf.org>; Mon, 08 Apr 2024 12:10:46 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=raphaelrobert.com; s=rr; t=1712603444; x=1713208244; darn=ietf.org; h=references:to:cc:in-reply-to:date:subject:mime-version:message-id :from:from:to:cc:subject:date:message-id:reply-to; bh=jIRa+Mwidp/WJ4Tv5XR49qpzpk9yWkKXewnX3QGlEqE=; b=lCmhNwTSDGWCGB1cnDF04Cyzh8IA4iD37+r3SymVWjEp+fNeAl44Xu2JsXLa/OG0XY H+niNn50whSEYlee4aRtnr9r+6J1dgtuMLVgzusMCjNYfcJM1BkjFKq5AvO830Z8aG6n vPnfpOL4S23VGOzG/io1u6RBiGW+Qv4e8ZcUs=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1712603444; x=1713208244; h=references:to:cc:in-reply-to:date:subject:mime-version:message-id :from:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=jIRa+Mwidp/WJ4Tv5XR49qpzpk9yWkKXewnX3QGlEqE=; b=gE/Fp1nkkHUM3B9e6+jDssao7FAPtoeQbB+l+ODlbD35RLdVYh+P0RO0teC9nGUPOF MuaFJWcmXGXJSsUW1+d/RFvQMDF58LZve6OJEVXtEwlGDZj5cElRgujW5LVAHRwxdYBT FWvQZAfH2n9DwUxUAb8CoHVHki0S7+4UCNpe80r3+kev0hvNWB+KIlPnF5ZB323aptad Dctz2WwKUlVh29jzPH9V0OkDaLmIOTT8Ranj1SijbeTWgD4uRgqWM0x5AXwsdm6ZP8Og A1gLGMvrwUSQfvR9U2JsJ1zjBlqGP/LdiGRs0pbsIMkWo1FOTIQJydc5upTAKQdZdZQ+ ORMw==
X-Forwarded-Encrypted: i=1; AJvYcCUvj6bRzg2JQy369eT5eQMWRrHZFAupO2H/r7WytljEcpLolxYqQBpFlhpcPijnGoFuAnsOrTjnwZQ2bA6hiGPdTGMx1LM=
X-Gm-Message-State: AOJu0YxgZzaLBinydhW8N5JIF0WZzZndhzTU5pAJENeWF51nUgz1/Wrd AXFVRWSJePXxUqdDiG7BUrhk+h7tsUIhhHlfUruzW61rLT6Dut+p6ZHIc4fVRRc=
X-Google-Smtp-Source: AGHT+IH4in/HXeih0vceRljwTDzE9rI5BZJItDsIAFyxljoWw2PbfZqiuOFNbXbj9NXp8h8jieUNOA==
X-Received: by 2002:a17:907:9410:b0:a51:c84b:f17b with SMTP id dk16-20020a170907941000b00a51c84bf17bmr4503716ejc.69.1712603443774; Mon, 08 Apr 2024 12:10:43 -0700 (PDT)
Received: from smtpclient.apple ([2a02:8109:9f19:7000:45a6:a892:1d9e:3136]) by smtp.gmail.com with ESMTPSA id qs28-20020a170906459c00b00a51bed388a4sm3256885ejc.139.2024.04.08.12.10.42 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Mon, 08 Apr 2024 12:10:43 -0700 (PDT)
From: Raphael Robert <ietf@raphaelrobert.com>
Message-Id: <C9363CF4-32EA-49FA-ACA2-2A4F2567122A@raphaelrobert.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_3BE1252B-2537-4F54-8FAF-67CAC7C5BC3C"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3774.500.171.1.1\))
Date: Mon, 08 Apr 2024 21:10:32 +0200
In-Reply-To: <FC5FB29B-F3A8-493A-B70B-C915C82C0419@apple.com>
Cc: Joseph Salowey <joe@salowey.net>, Steven Valdez <svaldez@google.com>, Christopher Wood <caw@heapingbits.net>, privacy-pass@ietf.org
To: Tommy Pauly <tpauly=40apple.com@dmarc.ietf.org>
References: <CAOgPGoDiW2XgOGkv_ug=TFP=BNJG=SffJVcE8zCnv4cXvudYsw@mail.gmail.com> <CANduzxAPCDhvqV3jOYXiYywLok4g+i5KZw=p=fnszKwuGEw4bw@mail.gmail.com> <113031C1-BD70-402A-9247-20016C5BDE9A@raphaelrobert.com> <CAOgPGoCzLNv+7HnuoqMCmyEq7LtV7UYTBejSsgeJ7Sb8iH=6yA@mail.gmail.com> <15E0A5B4-C2D7-46E7-A82E-DC15F34323D5@apple.com> <DAE8F9B8-3D2F-4F92-B64C-3AF072E65920@raphaelrobert.com> <FC5FB29B-F3A8-493A-B70B-C915C82C0419@apple.com>
X-Mailer: Apple Mail (2.3774.500.171.1.1)
Archived-At: <https://mailarchive.ietf.org/arch/msg/privacy-pass/xeOECFXdpKz7Sgs7VfGBlCwVP04>
Subject: Re: [Privacy-pass] Working group last Call for batched Tokens
X-BeenThere: privacy-pass@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Privacy Pass Protocol <privacy-pass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/privacy-pass>, <mailto:privacy-pass-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/privacy-pass/>
List-Post: <mailto:privacy-pass@ietf.org>
List-Help: <mailto:privacy-pass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/privacy-pass>, <mailto:privacy-pass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 08 Apr 2024 19:10:50 -0000


> On 8. Apr 2024, at 20:52, Tommy Pauly <tpauly=40apple.com@dmarc.ietf.org> wrote:
> 
> 
> 
>> On Apr 8, 2024, at 11:37 AM, Raphael Robert <ietf=40raphaelrobert.com@dmarc.ietf.org <mailto:ietf=40raphaelrobert.com@dmarc.ietf.org>> wrote:
>> 
>> Thanks for the issue, I’ll take a look.
>> 
>> Regarding the question of the redemption being the same – I think that’s only true for the P-384 batched tokens, but not the ristretto255 variant. 
> 
> For ristretto255 is that just because there isn’t a non-batched variant? Could there ever be a non-batched variant?

Yes to the former. As for the latter – in theory there could be, but from what I understand it wasn’t included in the base spec because it wasn’t sufficiently different from the P-384 variant and had an additional security consideration. 

For the batched tokens it made sense to include it because the batched tokens are all about improving efficiency. 

Raphael 

> 
> Thanks,
> Tommy
> 
>> 
>> I will cut a new draft shortly once I looked at the issue, sorry for being slow here.
>> 
>> Thanks
>> 
>> Raphael
>> 
>>> On 8. Apr 2024, at 17:36, 'Tommy Pauly' via ietf <ietf@raphaelrobert.com> wrote:
>>> 
>>> Also chiming in for a review — I just read through the draft and it looks good to me. I didn’t see any particular flaws that I would say need addressing before publication. I filed one very minor editorial issue https://github.com/ietf-wg-privacypass/ietf-draft-privacypass-batched-tokens/issues/8
>>> 
>>> I did have one overall question about our approach to token types and batching: this new batched VOPRF allocates a new token type, although my understanding is that the redemption step doesn’t necessarily need to know anything about it being batched in order to validate the token. To what degree do we want changes to the issuance that don’t impact the nature of the token upon redemption to be reflected in the token type vs some other difference in the request (such as media type, etc, etc)? Is there a security reason that the redeemer needs to know?
>>> 
>>> Tommy
>>> 
>>>> On Apr 7, 2024, at 9:02 PM, Joseph Salowey <joe@salowey.net> wrote:
>>>> 
>>>> RIght now we only have one response to the last call which is not enough to call consensus on.   It would be good to have a draft that is not expired, but I also think before we can continue a consensus call we need a draft with all the outstanding changes as well.  
>>>> 
>>>> Thanks,
>>>> 
>>>> Joe
>>>> 
>>>> On Wed, Mar 20, 2024 at 3:37 AM Raphael Robert <ietf@raphaelrobert.com <mailto:ietf@raphaelrobert.com>> wrote:
>>>>> As soon as that issue is resolved I’ll make one more editorial pass before I cut a new draft. I’ll announce it here.
>>>>> 
>>>>> Raphael
>>>>> 
>>>>>> On 20. Mar 2024, at 06:23, Steven Valdez <svaldez=40google.com@dmarc.ietf.org <mailto:40google.com@dmarc.ietf.org>> wrote:
>>>>>> 
>>>>>> I think this draft looks mostly good and I support it going to the IESG. There is one outstanding issue #6 <https://github.com/ietf-wg-privacypass/ietf-draft-privacypass-batched-tokens/issues/6> (I submitted and forgot to follow up on) regarding adding the VOPRF variant as a defined type since we're relying on that variant for PST. I can try to get a PR for that submitted, though not sure what the ordering between the draft being expired, the WGLC and cutting a new draft should look like?
>>>>>> 
>>>>>> -Steven
>>>>>> 
>>>>>> On Mon, Mar 11, 2024 at 2:47 PM Joseph Salowey <joe@salowey.net <mailto:joe@salowey.net>> wrote:
>>>>>>> This is the working group last call for Batched Token Issuance Protocol (https://datatracker.ietf.org/doc/draft-ietf-privacypass-batched-tokens/).  Please review the document and indicate if it is ready to forward to the IESG by posting comments to this thread.  The internet draft is about to expire but should still be accessible.  Please send your comments by March 26, 2024.  
>>>>>>> 
>>>>>>> Thanks,
>>>>>>> 
>>>>>>> Joe and Ben
>>>>>>> -- 
>>>>>>> Privacy-pass mailing list
>>>>>>> Privacy-pass@ietf.org <mailto:Privacy-pass@ietf.org>
>>>>>>> https://www.ietf.org/mailman/listinfo/privacy-pass
>>>>>> 
>>>>>> 
>>>>>> -- 
>>>>>> 
>>>>>>  Steven Valdez |	 Chrome Privacy Sandbox |	 svaldez@google.com <mailto:svaldez@google.com> |	 Cambridge, MA
>>>>>> -- 
>>>>>> Privacy-pass mailing list
>>>>>> Privacy-pass@ietf.org <mailto:Privacy-pass@ietf.org>
>>>>>> https://www.ietf.org/mailman/listinfo/privacy-pass
>>>>> 
>>>> -- 
>>>> Privacy-pass mailing list
>>>> Privacy-pass@ietf.org
>>>> https://www.ietf.org/mailman/listinfo/privacy-pass
>>> 
>> 
>> -- 
>> Privacy-pass mailing list
>> Privacy-pass@ietf.org <mailto:Privacy-pass@ietf.org>
>> https://www.ietf.org/mailman/listinfo/privacy-pass

v2.23.0 | Report a Bug | By Email