Markdown Version | Session Recording

Session Date/Time: 31 Mar 2023 03:00

privacypass

Summary

This meeting covered the status of working group documents, rate limit tokens, batch tokens, key consistency, and public metadata tokens. Discussions focused on the privacy implications of different token designs and the need for standardized approaches to key and configuration consistency.

Key Discussion Points

• Rate Limit Tokens:
  • Discussion on how rate limits are enforced by testers and the implications for overall rate limiting effectiveness.
  • Need to expand text to clarify caveats regarding rate limits when multiple testers are involved.
  • Bike shedding on names like "anonymous origin ID" and the name for the issuer-generated response.
  • Need to reference the key consistency draft and address consistency for key pairs.
• Batch Tokens:
  • Proposal for a batch token issuance protocol to improve efficiency compared to privately verifiable tokens.
  • Considerations regarding security implications of using smaller key sizes (e.g., ristretto255) and potential mitigation strategies.
  • Stephen Well suggested considering a version that still uses p384.
  • Rafael to propose on list.
• Key Consistency:
  • Ben presented on the key consistency problem and potential solutions, emphasizing the need to prevent issuers from deanonymizing clients.
  • Discussion on the private state tokens (PST) proposal and its approach to key commitment list distribution.
  • Need for a concrete protocol to allow user agents to solve the key consistency problem without having to design and operate their own services.
  • Tony Poly suggested leveraging the existing trust relationship with the tester to solve key consistency.
  • Discussion of split vs. joint tester/issuer models.
• Public Metadata Tokens:
  • Scott introduced the concept of using public metadata within privacy pass tokens, building on Gauss's work.
  • Discussion on the motivation for metadata and its potential uses, such as key rotation or expiry groups.
  • Concerns raised about the privacy implications of metadata, particularly the potential for creating trackable groups of users.
  • Metadata measurement is needed to show the clients and other clients that the client is still private, and the size of the group that they're in.
  • Discussions should include configuration consistency.

Decisions and Action Items

• Rate Limit Tokens:

  • File an issue relating to centralization considerations.
  • Expand text to clarify caveats of rate limits with multiple testers.
  • Brainstorm better names for "anonymous origin ID" and associated issuer-generated response, use Github issues.

• Batch Tokens:

  • Rafael to propose adoption on mailing list

• Key Consistency:

  • Determine whether to form a design team to explore key consistency solutions. Contact chairs if interested in joining the design team.
  • Focus on key consistency as it pertains to privacy pass the protocol.

• Public Metadata Tokens:

  • Have more discussion on the mailing list.
  • Consider adopting this draft.

Next Steps

• Authors to address action items and issues raised for Rate Limit Tokens.
• Rafael will propose adoption of batch tokens on the mailing list.
• Chairs to determine next steps for the key consistency discussion, potentially including forming a design team.
• Discuss Public Metadata Tokens on mailing list.