**Session Date/Time:** 09 Nov 2023 12:00

# privacypass

## Summary

This meeting covered the status of the core drafts, rate limit tokens, key consistency, and the inclusion of metadata in Privacy Pass tokens. Decisions were made on next steps for several drafts, including an adoption call for the first two extension documents.

## Key Discussion Points

* **Core Draft Status:**
  * Architecture draft: IESG approved, addressed 80 follow-up items.
  * Auth Scheme draft: Passed working group last call, sent to AD. Need to formally request AD to progress it.
  * Privacy Pass Protocol: With the RFC editor but blocked by dependencies.
  * Batch Tokens draft: Authors requested a working group last call.
* **Rate Limit Tokens:**
  * Alignment with the consistency mirror draft is needed.
  * Considerations around per-origin key consistency checks. Enumerating all origins in the issuer configuration raises concerns about size and public disclosure.
  * Discussion about expanding the rate limiting context beyond origin to include URL paths or other application-specific identifiers.
  * Concerns raised that malicious clients could exploit multiple overlapping rate limiting contexts to amplify their token acquisition ability.
* **Key Consistency (K-Check/Consistency Mirror Protocol):**
  * Protocol renamed to "Checking Resource Consistency with HTTP Mirrors".
  * Simplified consistency checking.
  * Clarified client behavior when inconsistent responses are received from the mirror.
  * Discussed dealing with the thundering herd problem.
  * Consideration of whether to request external review of the mirror protocol given its general utility.
* **Metadata:**
  * Revisited the topic of public metadata inclusion in Privacy Pass tokens.
  * Concerns remain about the privacy implications.
  * Discussion on limiting metadata to information already available to the issuer or the client.
  * Consideration of enumerating possible metadata values in the configuration.
  * A suggestion was made to adopt the first two extension documents, then assess and implement the individual extensions and work towards consensus.

## Decisions and Action Items

* **Auth Scheme draft:** Chairs will follow up with the AD to ensure progress on the Auth Scheme draft and email the list to request progress.
* **Batch Token draft:** Chairs will move ahead with a working group last call.
* **Rate Limit Tokens:** Chris Wood to submit a PR on the rate limiting context.
* **Key Consistency Draft:** The working group will run an adoption call for the draft on checking resource consistency with HTTP mirrors.
* **Metadata:** Proceed with running an adoption call for the first two extension documents related to metadata. Establish a basis for metadata extensions.

## Next Steps

* Chairs to initiate working group last call for the batch token draft.
* Chris Wood to submit a PR for the rate limit token draft addressing context.
* Run adoption call for "Checking Resource Consistency with HTTP Mirrors".
* Run adoption call for the first two extension documents establishing a basis for metadata extensions.
* Discuss the exact mechanism to document acceptable metadata values and extensions to work on.