Re: [Privacy-pass] Follow-up: Privacy Pass RWC meeting
Steven Valdez <svaldez@google.com> Tue, 21 January 2020 14:56 UTC
Return-Path: <svaldez@google.com>
X-Original-To: privacy-pass@ietfa.amsl.com
Delivered-To: privacy-pass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C622B1200FE for <privacy-pass@ietfa.amsl.com>; Tue, 21 Jan 2020 06:56:39 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -17.499
X-Spam-Level:
X-Spam-Status: No, score=-17.499 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, ENV_AND_HDR_SPF_MATCH=-0.5, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5, USER_IN_DEF_SPF_WL=-7.5] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id X2j7xIraPOVW for <privacy-pass@ietfa.amsl.com>; Tue, 21 Jan 2020 06:56:35 -0800 (PST)
Received: from mail-oi1-x22c.google.com (mail-oi1-x22c.google.com [IPv6:2607:f8b0:4864:20::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 201131200CD for <privacy-pass@ietf.org>; Tue, 21 Jan 2020 06:56:35 -0800 (PST)
Received: by mail-oi1-x22c.google.com with SMTP id c77so2777024oib.7 for <privacy-pass@ietf.org>; Tue, 21 Jan 2020 06:56:35 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=CT/3IBt+JhHsyHd6o1qeQza3oJio1tIBzRwquoZsYao=; b=W5hOiwcQT0z5YtOvrKrBn5+rToiUKsqyOiLbwQ2NzGRoA5mhxlmGema+hdw3TpZNfX 4Hlhl4kk9sviRg9XOit3Gshka8LDLrgp5DfRxnTFekDk7bJQZ68KwMaeolwEQrPMX2JZ JnRAbyr9oV6BttOxKIBFlp+QW32EJwDqNwj18p7iz/drW5bTQ082Q3UBG2z8WyyOaGBn u2ge+DBzYEJmpwXaF8ovG0QnYQUy06DD6gUr2MR6aJBSXgXA/590JkcFzpt/k9jMhk3y vQbqrEwm93/Z5yF1MrxRttx4p83ZPpTAq6pxjQIQyX0xcg6YRPyS9jV+tW4AdLMlk+m8 9clQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=CT/3IBt+JhHsyHd6o1qeQza3oJio1tIBzRwquoZsYao=; b=ZB26JdCSnkCcjwZ/Y7mcTQhaMvoef0WAy2o9eB92x14GPyVs6j6EYMaZzWC6MqLNWL VH/N081BqQnP8dcNJae84P3qAvCfEVgVq/dEpr8NRRttIJvXKjCIlUHmqPk7zTlF1ve3 rSubpxMwVfnTMMBZSgz1k/1ROdPOLtzl4IzeIbCxLWXzIKQezm6CH1x3gha5njcD8Zjj U+FK0WRFqcoIYj2AAmyF4yl9G0jxJgxtJEEWnkVL5/cmNlpuvi38ziThYqYa8Yx/vPi7 a/+ykD5YAiYs3LhNbTFKcPDVbu5HI2up9obtSUgr6h+8tl7Y4/FrHGFs3B1FORayInnp r8qw==
X-Gm-Message-State: APjAAAVbxqG1ABE6sryUFAyeSpldybkN4DorzIy5Xf3rGzunQhOYapOx zG3Rjr+pqRNTmFr+1O76/MZhduC9YrjnBFrGaJtPbMWamyA=
X-Google-Smtp-Source: APXvYqy/NHnoL/DOPRWh50RNO03me0u8LZHk6PUB7NO3S2M44oTr6DQ4KuupbDtTDCmwRAAWvwudjQHpI9el67oHOOI=
X-Received: by 2002:aca:cdd5:: with SMTP id d204mr3267114oig.134.1579618593981; Tue, 21 Jan 2020 06:56:33 -0800 (PST)
MIME-Version: 1.0
References: <691C5715-E1F7-4A97-A6A8-D3983733E51E@cloudflare.com> <AE5688D5-AA80-4A23-8624-53B627FAD7AB@cloudflare.com>
In-Reply-To: <AE5688D5-AA80-4A23-8624-53B627FAD7AB@cloudflare.com>
From: Steven Valdez <svaldez@google.com>
Date: Tue, 21 Jan 2020 09:56:22 -0500
Message-ID: <CANduzxDYjEaTbMKsdwHdW1GXKkAW9=D_6cWuz099MFNqeZvQpw@mail.gmail.com>
To: Alex Davidson <adavidson=40cloudflare.com@dmarc.ietf.org>
Cc: privacy-pass@ietf.org
Content-Type: multipart/alternative; boundary="0000000000002d2438059ca79d85"
Archived-At: <https://mailarchive.ietf.org/arch/msg/privacy-pass/y-vAGe4GZnUYYss4GmdFokcsmNw>
X-Mailman-Approved-At: Tue, 21 Jan 2020 06:58:21 -0800
Subject: Re: [Privacy-pass] Follow-up: Privacy Pass RWC meeting
X-BeenThere: privacy-pass@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <privacy-pass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/privacy-pass>, <mailto:privacy-pass-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/privacy-pass/>
List-Post: <mailto:privacy-pass@ietf.org>
List-Help: <mailto:privacy-pass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/privacy-pass>, <mailto:privacy-pass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 21 Jan 2020 14:56:40 -0000
For the most part the charter looks reasonable. One thing worth figuring out is if extensions to the protocol outside of the main documents are in-scope for the working group The charter talks about setting up a framework for supporting extensions, but is working on other documents describing these extensions part of the WG or should they be done as independent drafts/their own workstream? On Tue, Jan 21, 2020 at 7:32 AM Alex Davidson <adavidson= 40cloudflare.com@dmarc.ietf.org> wrote: > Hi all, > > Just wanted to follow up on accumulating feedback for the charter again. > It’s important that we agree on this since it is necessary to have before > we can proceed with organising a BoF meeting @ the IETF. > Let us know if you have any comments on what is currently written. > > I’m going to move the discussion surrounding the previous agenda items and > the next steps for the BoF process to separate threads. > > Cheers, > Alex > > On 10 Jan 2020, at 17:26, Alex Davidson <adavidson@cloudflare.com> wrote: > > Hi all, > > Thanks to everyone who managed to attend yesterday and contribute to the > interesting discussion! We did not quite manage to finish walking through > the draft charter and there were also some agenda items that we did not > manage to discuss. > > With this in mind, perhaps a good way to move forward would be the > following: > > - I have attached the current iteration of the charter to this email and I > have also created a GitHub repository containing it at > https://github.com/alxdavids/privacy-pass-wg-charter. We can iterate on > the charter on list, or using PRs & issues in the GitHub repo. > - We arrange another side-meeting (probably virtual) between now and the > time of IETF 107 (21-27 Mar, Vancouver) to discuss the rest of the agenda, > which is: > - Next steps for the BoF process and IETF107 > - Discussion of use-cases > - Agreement on protocol extensions > - If anyone would like to raise anything separately then we can discuss it > on this list. > > If we go ahead with the side-meeting, we should aim to have something > close to a stable charter. This would allow us to focus on how to move the > BoF process forward. > > Best, > Alex > > Note: I’ve cleaned up the draft a bit based on the notes that were made > during the meeting. > > ==== BEGIN CHARTER ==== > > The Privacy Pass protocol was first proposed in November 2017 as a > performant mechanism for providing privacy-preserving attestation of a > previous successful authorization between a human and a server. > > The primary purpose of the Privacy Pass working group is to develop and > standardize the protocol, influenced by applications that have arisen from > the wider community. The main requirements of the working group are to > develop a protocol that satisfies the following properties: > > > - Issued tokens are unlinkable with other tokens corresponding to the > same anonymity set. > - Tokens are unforgeable. > - The issuance and verification mechanisms are practically efficient. > > > The aims of the working group can be split into three distinct goals that > we describe below. > > 1) Develop the specification of the generic protocol: > > > - Specify the full cryptographic authorization exchange and > terminology along with suitable ciphersuites (and security > parametrizations) for maintaining security for a meaningful time period. > - The negotiation of ciphersuites is determined by the > application-specific profile and out-of-scope for this protocol. > - Describe the structure of protocol messages. > - Describe a framework for extensions to the base protocol for > achieving additional functionality, or for providing different security > guarantees. > > > 2) Develop the wider architecture for running the protocol > > - Construct interfaces that make the protocol suitable for integration > with potential use-cases. > - Including required functions for applications > - Document potential applications of the protocol and of its > official extensions > - Define the privacy goals for each client during the exchange, along > with expectations placed on the server and the ecosystem at large. > - Analyse mechanisms for tracking via public key and expectations > placed on server. > - Privacy considerations of incentives for not verifying messages > correctly (along with general threat model). > > > 3) Develop document for Privacy Pass in HTTP? > > - Specify a common understanding of how Privacy Pass data is > integrated with HTTP requests and responses for web-based applications. > > > - Specify where key material stored, how it’s accessed, and associated > security considerations > > > > Each goal listed above will be fulfilled with an individual document that > addresses the necessary conditions. Once these documents are completed, > this working group will have concretized a standardized architecture for > constructing instances of the protocol. As a consequence, this will enable > an ecosystem of applications that depend on the authorization framework > provided by Privacy Pass. > > In particular, by the time that the working group achieves consensus > around these documents, we hope to have a number of interoperable > implementations, a clear analysis of the security and privacy > considerations, and a diverse ecosystem of concrete applications. > > Note that the specifications developed by this working group will be > informed by draft-irtf-cfrg-voprf > <https://datatracker.ietf.org/doc/draft-irtf-cfrg-voprf/> which is > currently owned by the Crypto Forum Research Group (CFRG@IRTF). In > addition, draft-privacy-pass > <https://datatracker.ietf.org/doc/draft-privacy-pass/> will serve as a > starting point for the work of the working group. > > ==== END CHARTER ==== > > > > -- > Privacy-pass mailing list > Privacy-pass@ietf.org > https://www.ietf.org/mailman/listinfo/privacy-pass > -- Steven Valdez | Chrome Privacy Sandbox | svaldez@google.com | 210-692-4742
- [Privacy-pass] Follow-up: Privacy Pass RWC meeting Alex Davidson
- Re: [Privacy-pass] Follow-up: Privacy Pass RWC me… Alex Davidson
- Re: [Privacy-pass] Follow-up: Privacy Pass RWC me… Steven Valdez