Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Redemption time #253

Open
chris-wood opened this issue May 25, 2023 · 10 comments
Open

Redemption time #253

chris-wood opened this issue May 25, 2023 · 10 comments
Labels
vStandard

Comments

@chris-wood
Copy link

Why is redemption_time encoded in a redemption request? Can't redeemers simply infer this time from when a request is received? It seems a bit superfluous to me.
@colinbendell
Copy link

colinbendell commented May 25, 2023
edited
Loading

I believe this is legacy and that the ISSUER_PROTOCOL.md is out of date. The redemption_time is no longer encoded in the redemption in PSTv1. The current struct, afaik, is:

struct {
   uint32 key_id;
   opaque nonce<nonce_size>;
   ECPoint W;
} Token;

struct {
   opaque token<1..2^16-1>; // Bytestring containing a serialized Token struct.
   opaque client_data<1..2^16-1>;
} RedeemRequest;

Client_data is un specified, but in chrome's implementation this is a CBOR encoded payload.

@dvorak42
Copy link
Collaborator

I've added a note that ISSUER_PROTOCOL is out of date, hopefully we'll get the spec changes merged in early next week (tracking as part of #230), but Colin's struct udnerstanding is the current one.

@chris-wood
Copy link
Author

@dvorak42 is client_data somehow bound to the redemption token? If not, why is it not just sent in a separate header or something?

@dvorak42
Copy link
Collaborator

In the version we ended up on for PSTv1, we don't currently bind client_data to anything (and I believe is actually null in Chrome's implementation). We'll probably just chop it out for vStandard and make RedeemRequest be the token directly unless there's a push to bind redemption data into the redemption request.

@chris-wood
Copy link
Author

Great -- thanks. If you chop it out, are you left with basic Privacy Pass?

@dvorak42
Copy link
Collaborator

Yeah, if we end up chopping it out I think we can align the redeemrequest to be the token shape from privacypass.

@chris-wood
Copy link
Author

Even if you left it in, couldn't you achieve what you want via Privacy Pass with public metadata?

@dvorak42
Copy link
Collaborator

This would be a binding at redemption time, so we wouldn't be able to use public metadata then.

@colinbendell
Copy link

fwiw, the current client_data in PSTv1 in Chrome M114 is this:

{
  'redeeming-origin': 'https://private-state-token.colinbendell.dev',
  'redemption-timestamp': 1685027748
}

Presumably, the origin is intended to use this to prevent replay and forgeries.

@cooleck
Copy link
Contributor

cooleck commented Jun 8, 2024

fwiw, the current client_data in PSTv1 in Chrome M114 is this:

{
  'redeeming-origin': 'https://private-state-token.colinbendell.dev',
  'redemption-timestamp': 1685027748
}

Presumably, the origin is intended to use this to prevent replay and forgeries.

How can it be used to prevent replay and forgeries if origin (site sending the redemption request) does not have direct access to client_data?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
vStandard
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@dvorak42 @colinbendell @chris-wood @cooleck