Redemption time

Question

Redemption time

chris-wood opened this issue a year ago · 10 comments

Why is redemption_time encoded in a redemption request? Can't redeemers simply infer this time from when a request is received? It seems a bit superfluous to me.

Answer 1 · 2023-05-25T13:40:38.000Z

I believe this is legacy and that the ISSUER_PROTOCOL.md is out of date. The redemption_time is no longer encoded in the redemption in PSTv1. The current struct, afaik, is:

struct {
   uint32 key_id;
   opaque nonce<nonce_size>;
   ECPoint W;
} Token;

struct {
   opaque token<1..2^16-1>; // Bytestring containing a serialized Token struct.
   opaque client_data<1..2^16-1>;
} RedeemRequest;

Client_data is un specified, but in chrome's implementation this is a CBOR encoded payload.

Answer 2 · 2023-05-25T13:46:03.000Z

I've added a note that ISSUER_PROTOCOL is out of date, hopefully we'll get the spec changes merged in early next week (tracking as part of #230), but Colin's struct udnerstanding is the current one.

Answer 3 · 2023-05-25T13:51:25.000Z

@dvorak42 is client_data somehow bound to the redemption token? If not, why is it not just sent in a separate header or something?

Answer 4 · 2023-05-25T14:05:20.000Z

In the version we ended up on for PSTv1, we don't currently bind client_data to anything (and I believe is actually null in Chrome's implementation). We'll probably just chop it out for vStandard and make RedeemRequest be the token directly unless there's a push to bind redemption data into the redemption request.

Answer 5 · 2023-05-25T14:06:22.000Z

Great -- thanks. If you chop it out, are you left with basic Privacy Pass?

Answer 6 · 2023-05-25T14:28:27.000Z

Yeah, if we end up chopping it out I think we can align the redeemrequest to be the token shape from privacypass.

Answer 7 · 2023-05-25T14:56:07.000Z

Even if you left it in, couldn't you achieve what you want via Privacy Pass with public metadata?

Answer 8 · 2023-05-25T15:04:23.000Z

This would be a binding at redemption time, so we wouldn't be able to use public metadata then.

Answer 9 · 2023-05-25T15:19:52.000Z

fwiw, the current client_data in PSTv1 in Chrome M114 is this:

{
  'redeeming-origin': 'https://private-state-token.colinbendell.dev',
  'redemption-timestamp': 1685027748
}

Presumably, the origin is intended to use this to prevent replay and forgeries.

Answer 10 · 2024-06-08T15:03:03.000Z

fwiw, the current client_data in PSTv1 in Chrome M114 is this:
{
  'redeeming-origin': 'https://private-state-token.colinbendell.dev',
  'redemption-timestamp': 1685027748
}
Presumably, the origin is intended to use this to prevent replay and forgeries.

How can it be used to prevent replay and forgeries if origin (site sending the redemption request) does not have direct access to client_data?