IETF Logo Mail Archive

Re: [Privacy-pass] Issuer directory representation (#369)

Colin Bendell <colin@bendell.ca> Fri, 09 June 2023 20:14 UTC

Return-Path: <colin@bendell.ca>
X-Original-To: privacy-pass@ietfa.amsl.com
Delivered-To: privacy-pass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 47066C151522 for <privacy-pass@ietfa.amsl.com>; Fri, 9 Jun 2023 13:14:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.096
X-Spam-Level:
X-Spam-Status: No, score=-7.096 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=bendell.ca
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id B35r-HlwcAD2 for <privacy-pass@ietfa.amsl.com>; Fri, 9 Jun 2023 13:14:15 -0700 (PDT)
Received: from mail-lj1-x22e.google.com (mail-lj1-x22e.google.com [IPv6:2a00:1450:4864:20::22e]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 18423C151085 for <privacy-pass@ietf.org>; Fri, 9 Jun 2023 13:14:14 -0700 (PDT)
Received: by mail-lj1-x22e.google.com with SMTP id 38308e7fff4ca-2b1adf27823so24847751fa.2 for <privacy-pass@ietf.org>; Fri, 09 Jun 2023 13:14:14 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bendell.ca; s=google; t=1686341653; x=1688933653; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=jWKterru4cXlpw1yl/JjKhaDAeYJbyJIkq3iPpqjp80=; b=fwlb+kyAwp1Qx1OyyTFPraqjB5kaxu/Knmx9M001CpM1VPwzrCb7q9etXHDK4abhSw MSgOjY2DOCh0BlJcrf+Ou0Uzq2+LcdOJG5t7VJnzJ0uv3CEHTRwh6KcVzswBhh5TVtjC eXLdXP+jtl4YWwU4597qUUuaAVjCNQO+zOKBk=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1686341653; x=1688933653; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=jWKterru4cXlpw1yl/JjKhaDAeYJbyJIkq3iPpqjp80=; b=BmWzdhIeeHCG8mlqBO/Ys03isRe5ShNBBAq38WdFhuBgWUqtHK2sadNm92EK8OvcOF R1NjUg9WQxG4cYvJD4Cqm4C4PeAEw7YzoYeFBm+j6QsQGc+QVG5TrqsaBzZ/TPFXSGS9 JsqkebDohcqGKcy7FE63NuRtG8i1eHNgzbz0vwHmGyEnI85IXHYm7MUfI1iMuorE/tYM eeFeWOYy90B8gVUXTGoo0i58vvkc/JULyvLzVJmktBFp0decmsrcWXOgb0h/xM+NX4zq rjtF4EgYjHoV6KZGGSZJpc/HeqwQeCsZ5qEpNc9EpjKLKqWiPxkKrPwagtXNWV7pA1Wh OL0Q==
X-Gm-Message-State: AC+VfDwdZI3uQ0Uz8j043g9brtmpzb2nH+B1vQsr+AxmjoEgNMPiqJFc zVtpvFJlmxdSs5Cvzf+41LjZeV1aDv1pP/F3gEecFz6IskReRqn6PUw=
X-Google-Smtp-Source: ACHHUZ4tIFjm0j4PJ2tb5WcZA/+YRz84vhrWgwcTj91Fp7B+m+vQsDeh+VICsMLpyumZnPf8tYsWzf08Ag3sVo8iuQ8=
X-Received: by 2002:a2e:9042:0:b0:2b1:fda8:e653 with SMTP id n2-20020a2e9042000000b002b1fda8e653mr1459995ljg.27.1686341652732; Fri, 09 Jun 2023 13:14:12 -0700 (PDT)
MIME-Version: 1.0
References: <fa636aa2-d988-42b2-ad9c-fe0fb25bc960@app.fastmail.com> <CA+AE54cshctSyXsdPkNxcRk3Tn-WPRNzwnSsMvKiqouSdYe9+w@mail.gmail.com> <CAL12FVFPfKp-dC1NCrXmn0wMO2qnLBtW3wuwz2fMirWR-UKA_w@mail.gmail.com>
In-Reply-To: <CAL12FVFPfKp-dC1NCrXmn0wMO2qnLBtW3wuwz2fMirWR-UKA_w@mail.gmail.com>
From: Colin Bendell <colin@bendell.ca>
Date: Fri, 09 Jun 2023 16:14:01 -0400
Message-ID: <CAL12FVGR1G_D=3v0jXATD2bfFreYfR8GN9HAtzH0J2t_-ukeXQ@mail.gmail.com>
To: Eli-Shaoul Khedouri <eli=40intuitionmachines.com@dmarc.ietf.org>
Cc: Christopher Wood <caw@heapingbits.net>, privacy-pass@ietf.org
Content-Type: multipart/alternative; boundary="0000000000002e70ed05fdb8034e"
Archived-At: <https://mailarchive.ietf.org/arch/msg/privacy-pass/xtOA2PbDCw7E_Cwh2qk-DzceN50>
Subject: Re: [Privacy-pass] Issuer directory representation (#369)
X-BeenThere: privacy-pass@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Privacy Pass Protocol <privacy-pass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/privacy-pass>, <mailto:privacy-pass-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/privacy-pass/>
List-Post: <mailto:privacy-pass@ietf.org>
List-Help: <mailto:privacy-pass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/privacy-pass>, <mailto:privacy-pass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 09 Jun 2023 20:14:19 -0000

For reference, I have a few examples using the publicly available keys.

Here is cloudflare's demo issuery directory:
*
https://github.com/colinbendell/private-access-token/blob/main/demo-pat.issuer.cloudflare.com.json

And the same in jwks format (nb: I've set "kid" to the
"truncated_token_key_id" value instead of preserving "version")
*
https://github.com/colinbendell/private-access-token/blob/main/demo-pat.issuer.cloudflare.com.json

You can find others in the repo as well.

On Fri, 9 Jun 2023 at 16:13, Colin Bendell <colin@bendell.ca> wrote:

> The argument for JWK is that it reduces the sprawl of directory syntaxes
> and allows the devs to lean on pre-existing tooling and documentation. JWKS
> does have extensibility built into the RFC to be adapted for this purpose.
>
> The main advantages for using JWKS are:
> 1. we don't need to introduce a new iana for algorithm types.
> issuer-type=2 is the same as alg="PS384". This will further allow for
> future expansion and key selection
>
> 2. adopting a consistent standard leverages existing dev and infra tools
> around the jwk and jwks ecosystem. Particularly for key store loading,
> rotating and management. This is particularly important if aligning
> Private-State-Tokens is a goal of Privacy Pass. With PST, the UA is
> expected to consume these public key stores.
>
> 3. Since it uses the expanded form, and not DER encoded, it sidesteps some
> of the awkwardness of the dev ecosystem for RSASSA-PSS. Most of the
> RSASSA-PSS implementations are spotty which is why WebCrypto has dropped
> support [1]. Converting between RSASSA-PSS and RSA is a bit messy [2] in
> the DER encoded form, it's much more straightforward with the JWK since the
> modulus and exponent are already expanded.
>
> 4. The syntax for JWK already has extensions to pre-calculate the
> token-key-id (see: "x5t#S256" [3]). This is an optimization that can be
> done server side or on origin startup, having it available in a
> materialized form has some convenience advantages.
>
> There are disadvantages as well, which are worth expanding:
> 1. The syntax is terse. it does take a special decoder ring to decipher
> the fields. Likewise, the fields are in expanded form instead of
> encapsulating in DER format. (This is done so that you can very quickly
> sanitize a JWK and remove the secret key fields without having to
> re-encode.)
>
> 2. We would still need to define the iana values to expand JWKS for fields
> like 'issuer-request-uri" or "issuer-name" (for PST), etc. Other fields
> that are already common in the public issuer identifiers [4], like
> 'not-before' and 'version' do have corrolories in JWKS.
>
> 3. While convenient to have the components of the key in expanded form, we
> still need to convert it to the DER encoded form for the purposes of
> Privacy-Pass - specifically for token-key and token-key-id fields.
>
> [1] https://github.com/w3c/webcrypto/pull/325
> [2]
> https://github.com/colinbendell/private-access-token/blob/main/src/utils.js#L382-L395
> [3] https://datatracker.ietf.org/doc/html/rfc7517#section-4.9
> [4]
> https://demo-pat.issuer.cloudflare.com/.well-known/token-issuer-directory
>
> On Fri, 9 Jun 2023 at 06:28, Eli-Shaoul Khedouri <eli=
> 40intuitionmachines.com@dmarc.ietf.org> wrote:
>
>> I do not see a benefit to adopting JWKs at this stage. As you say, they
>> are somewhat complex for the PP use case.
>>
>> Eli
>>
>> On Thu, Jun 8, 2023 at 5:30 PM Christopher Wood <caw@heapingbits.net>
>> wrote:
>>
>>> Colin filed #369 [1] to discuss the current representation we are
>>> currently using for issuer directories. Basically, Privacy Pass chose to
>>> introduce a new representation that bears resemblance to that which is used
>>> in Private State Tokens [2] and is already specified in JSON Web Key Sets
>>> [3]. We should sort out what to do with this discrepancy.
>>>
>>> Speaking for myself, neither a JWK or JWT expert, I think we should
>>> stick with what's currently in the draft because (1) all formats seem
>>> mostly isomorphic and (2) JWKS are, to my knowledge, meant primarily for
>>> JWTs. Moreover, the way that keys are represented seems unnecessarily
>>> complex. Why do we need to specify any of the "kty", "alg", or "kid"
>>> parameters when they can be inferred from the token type and public key?
>>>
>>> Note that this is primarily relevant for origins that consume the
>>> directory and use it for the purposes of challenging clients, but it may in
>>> the future become relevant for clients that want to consume this resource
>>> for consistency checking purposes.
>>>
>>> What do others think?
>>>
>>> Best,
>>> Chris
>>>
>>> [1] https://github.com/ietf-wg-privacypass/base-drafts/issues/369
>>> [2] https://github.com/WICG/trust-token-api/blob/main/ISSUER_PROTOCOL.md
>>> [3] https://datatracker.ietf.org/doc/html/rfc7517
>>>
>>> --
>>> Privacy-pass mailing list
>>> Privacy-pass@ietf.org
>>> https://www.ietf.org/mailman/listinfo/privacy-pass
>>>
>> --
>> Privacy-pass mailing list
>> Privacy-pass@ietf.org
>> https://www.ietf.org/mailman/listinfo/privacy-pass
>>
>

v2.23.0 | Report a Bug | By Email