Markdown Version | Session Recording

Session Date/Time: 24 Jul 2024 00:30

privacypass

Summary

The Privacy Pass working group meeting at IETF 120 covered several key topics, including updates on rate limit tokens, extensions, BBS signatures, and the application of Privacy Pass to the Extensible Authentication Protocol (EAP). The discussion revolved around the future direction of the rate limit tokens draft, negotiation of extensions, the potential of BBS signatures for advanced token features, and the use of privacy pass within the EAP protocol for enhanced privacy.

Key Discussion Points

• Rate Limit Tokens: The discussion focused on the path forward for the rate limit tokens draft, considering options to revise and refine the existing approach, explore alternative cryptographic methods, or potentially abandon the document altogether. Concerns about the complexity and experimental nature of the current draft were raised.
• Privacy Pass Extensions: Scott Hendrickson presented an update on Privacy Pass extensions. The discussion covered potential negotiation strategies for extensions. Concern was expressed that too much complexity would lead to ossification, making it hard to deploy new extensions. Concerns were raised about the entropy introduced by different extension designs.
• BBS Signatures: Watson Ladd provided an update on using BBS signatures with Privacy Pass. The potential for selective disclosure and rate limiting with BBS was highlighted. Questions were raised about the level of support for these cryptographic approaches.
• Privacy Pass and EAP (EPP): Bart and Peresh presented their work on applying Privacy Pass to EAP for anonymous network access. The focus was on protecting against privacy leakage from network service providers and identity providers.

Decisions and Action Items

• Rate Limit Tokens: The authors (Tommy Pauly et al.) will consider the feedback received and decide on a path forward for the rate limit tokens draft. This may include revising the document, exploring alternative cryptographic methods, or focusing on extracting the rate limiting aspects for broader use.
• Privacy Pass Extensions: The working group agreed to focus on defining the basic privacy parameters of each extension, rather than immediately pursuing extension negotiation mechanisms.
• CFRG Adoption: Gauss will present the partially blind RSA cryptography used in the public metadata issuance draft at the CFRG.
• BBS Draft: Watson will write a draft outlining the details of Privacy Pass and BBS.

Next Steps

• Authors to update the rate limit tokens draft or re-scope to address specific concerns, considering the mixed feedback.
• Progress public metadata issuance draft, presenting to CFRG for adoption.
• Write a draft outlining the details of Privacy Pass and BBS.
• Explore the application of EPP further, possibly coordinating with relevant working groups.