**Session Date/Time:** 24 Jul 2023 22:30

# privacypass

## Summary

The privacypass IETF meeting covered several key topics, including updates on rate limit tokens, proposed extensions to the privacy pass protocol focusing on metadata, a discussion on configuration consistency design, and related work from the W3C, particularly around private state tokens. Discussions revolved around privacy implications, technical implementation details, and potential next steps for standardization and adoption of the discussed technologies.

## Key Discussion Points

* **Rate Limit Tokens:** Updates included clarifications on time windows for rate limiting, handling token challenges from third-party web contexts, and security considerations related to attester selection. The terminology was updated, renaming "anonymous origin ID" and "anonymous issuer origin ID" to "origin alias."
* **Privacy Pass Extensions and Metadata:** A new variant of issuance protocols supporting metadata was introduced, allowing issuers to enforce policies based on token requests. The discussion covered structuring metadata with extensions, including an expiration extension, and the need for strong privacy guardrails to prevent client partitioning.
* **Configuration Consistency:** The meeting addressed defining key and configuration consistency, outlining protocols for achieving consistency, including shared caches, central databases, and a new design called KCheck. Discussions included inbound vs. outbound approaches, with KCheck offering a generalization of the double-check design.
* **W3C Private State Tokens:** An overview of private state tokens (PSTs) being developed in the W3C was presented. Discussion covered its relationship to privacy pass, the governance of issuer/attester systems, and the potential for PSTs to be used in contexts such as age verification.
* **Batch Tokens:** A batch token specification was mentioned, suitable for use with VOPRF.

## Decisions and Action Items

* **Rate Limit Tokens:** Continue working on key consistency.
* **Privacy Pass Extensions and Metadata:** Consider adoption of drafts related to the new metadata protocol with the recognition that more discussion and review is needed, especially focusing on privacy considerations.
* **Batch Tokens:** The author will resubmit the batch token spec for consideration.
* **Configuration Consistency:** The workgroup will continue discussing the proposal, using the mailing list and potentially scheduling an interim meeting.

## Next Steps

* Continue discussions on the privacy pass extensions and metadata proposals, focusing on privacy implications and crypto analysis.
* Consider the adoption of the privacy pass extensions and metadata proposals after further discussion.
* Further develop the KCheck configuration consistency proposal, with a focus on addressing open questions and issues raised during the meeting.
* Coordinate discussions with W3C regarding private state tokens, especially around governance and potential alignment with privacy pass protocols.