**Session Date/Time:** 20 Mar 2024 05:00

# privacypass

## Summary

The privacypass meeting at IETF 119 covered several topics including updates on core documents, discussions on key resource consistency, metadata extensions, and privacy pass APIs on the web. A key focus was on the trade-offs between privacy and utility when using metadata and tokens, as well as the need for clear definitions of trust models and anonymity sets.

## Key Discussion Points

* **Key Resource Consistency:**
    * Discussion on whether to encapsulate only the content and specific headers (e.g., Content-Type) or the entire resource in the key consistency draft.
    * Debate on how to handle configuration rotation (resource changes before expiration) and if the draft should mandate specific solutions or leave it to the application layer.
    * Concerns about client IP leakage when clients directly access mirrors.
    * Clarification needed on whether the mirror provides authenticity or only consistency.
* **Metadata Extensions:**
    * Discussion on the potential for metadata extensions to be used to identify individual clients and the need for privacy considerations.
    * Example of how extensions are being used in Chrome IP protection, including expiration timestamp, geo hint, service type, debug mode, and proxy layer metadata.
    * Debate on whether to adopt an expiration extension draft.
    * Concerns about potential pollution of the extension namespace with proprietary extensions and the need for a private use space.
* **Privacy Pass APIs on the Web:**
    * Overview of private access tokens and private state tokens.
    * Challenges of reasoning about and limiting interactions between members of the ecosystem.
    * The meaning of a token bit is essentially unknowable to the client.
    * Discussion about the trust model on the web and how to ensure trustworthiness of issuers.
    * Need for ways to measure anonymity set size.
    * The client's IP address is highly identifying.
## Decisions and Action Items

* **Key Resource Consistency:**
    * Open an issue to discuss using digests and Content-Type header instead of encapsulating the entire resource.
    * Add language to the draft about the challenges of configuration rotation and its implications for application design.
* **Metadata Extensions:**
    * Consider adopting an expiration extension draft.
    * Consider a private use space to prevent polluting the IANA registry with proprietary extensions.
    * Investigate the existing review feedback on reverting to private use blocks.
* **Rate Limit Tokens:** Watson Ladd to send out an email with more content explaining the main differences of his proposal.

## Next Steps

* Continue iterating on the existing metadata drafts.
* Discuss the rate limit token proposal on the mailing list.
* Further discussion on the BBS proposal for selective disclosure.
* Continue the discussion on privacy pass and the web, focusing on trust models, anonymity sets, and governance.