[Privacy-pass] Secdir last call review of draft-ietf-privacypass-protocol-12
Alexey Melnikov via Datatracker <noreply@ietf.org> Tue, 29 August 2023 09:26 UTC
Return-Path: <noreply@ietf.org>
X-Original-To: privacy-pass@ietf.org
Delivered-To: privacy-pass@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id AD3C6C151095; Tue, 29 Aug 2023 02:26:36 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Alexey Melnikov via Datatracker <noreply@ietf.org>
To: secdir@ietf.org
Cc: draft-ietf-privacypass-protocol.all@ietf.org, last-call@ietf.org, privacy-pass@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 11.9.0
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <169330119669.65226.17314389461019454257@ietfa.amsl.com>
Reply-To: Alexey Melnikov <aamelnikov@fastmail.fm>
Date: Tue, 29 Aug 2023 02:26:36 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/privacy-pass/xz1uxQtAzlBLxXhpcq1BjecnfEY>
Subject: [Privacy-pass] Secdir last call review of draft-ietf-privacypass-protocol-12
X-BeenThere: privacy-pass@ietf.org
X-Mailman-Version: 2.1.39
List-Id: Privacy Pass Protocol <privacy-pass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/privacy-pass>, <mailto:privacy-pass-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/privacy-pass/>
List-Post: <mailto:privacy-pass@ietf.org>
List-Help: <mailto:privacy-pass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/privacy-pass>, <mailto:privacy-pass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 29 Aug 2023 09:26:36 -0000
Reviewer: Alexey Melnikov Review result: Has Nits Reviewer: Alexey Melnikov Review result: Ready with nits I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written with the intent of improving security requirements and considerations in IETF drafts. Comments not addressed in last call may be included in AD reviews during the IESG review. Document editors and WG chairs should treat these comments just like any other last call comments. The Privacy Pass protocol provides a privacy-preserving authorization mechanism. In essence, the protocol allows clients to provide cryptographic tokens that prove nothing other than that they have been created by a given server in the past <https://datatracker.ietf.org/doc/html/draft-ietf-privacypass-architecture>. This document describes the issuance protocol for Privacy Pass built on HTTP. It specifies two variants: one that is privately verifiable using the issuance private key based on the oblivious pseudorandom function from <https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-voprf-21>, and one that is publicly verifiable using the issuance public key based on the blind RSA signature scheme <https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-rsa-blind-signatures-14>. The document is well written and easy to understand. It relies on properties of underlying mechanisms (OPRF/Blind RSA) and also references the PrivacyPass Architecture draft. So assuming these properties hold there are no extra security or privacy concerns to discuss in this document. Nits: Section 7 (Security considerations) says: In particular, Section 4 and Section 5 of [ARCHITECTURE] discuss relevant privacy considerations. Do you really mean section 4 and 5? In the Architecture document I see: 4. Deployment Models 5. Deployment Considerations 6. Privacy Considerations So at least the reference to Section 6 seems to be missing. In Sections 8.3.1-8.3.3 the media type registration template field "Applications that use this media type" has the value "N/A". This field should be describing intended use of these media types, even if there is none at the moment. This field is intended to help implementors decide whether or not they need to support a particular media type, so having it as "N/A" is unhelpful.
- [Privacy-pass] Secdir last call review of draft-i… Alexey Melnikov via Datatracker