From 6b24a14b5ff435229bbd93965ae6ce9d40850b8b Mon Sep 17 00:00:00 2001 From: Aykut Bulut Date: Tue, 15 Aug 2023 10:54:23 -0400 Subject: [PATCH 1/2] Improve token capacity comparison to cookies --- spec.bs | 16 ++++++---------- 1 file changed, 6 insertions(+), 10 deletions(-) diff --git a/spec.bs b/spec.bs index 2d90412..1170217 100644 --- a/spec.bs +++ b/spec.bs @@ -142,16 +142,12 @@ Private State Tokens API performs cross site anonymous authentication without using linkable state carrying cookies [[RFC6265]]. Cookies do provide cross site authentication, however, they fail to provide anonymity. -Cookies store large amounts of information. [[RFC6265]] requires at least 4096 -bytes per cookie and 50 cookies per domain. This means an origin has -50 x 4096 x 2^8 unique identifiers at its disposal. When backed with back end -databases, a server can store arbitrary data for that many unique -users/sessions. - -Compared to a cookie, the amount of data stored in a Private State Token is very -limited. A token stores a value from a set of six values (think of a value of -an enum type of six possible values). Hence a token stores data between 2 and 3 -bits (4 < 6 < 8). This is very small compared to 4096 bytes a cookie can store. +[[RFC6265]] requires at least 4096 bytes per cookie and 50 cookies per +domain. Compared to this capacity at an origin's disposal, the amount of data +stored in a Private State Token by an issuer is very limited. A token stores a +value from a set of six values (think of a value of an enum type of six +possible values). Hence, a token's storage capacity is between 2 and 3 bits (4 +< 6 < 8). This is very small compared to an origin's cookie storage capacity. Moreover, Private State Tokens API use cryptographic protocols that prevents origins from tracking which tokens they issue to which user. When presented with From 3d5bc3baaf23a7cf5c50247df332e11ab6ae74d5 Mon Sep 17 00:00:00 2001 
From: Aykut Bulut Date: Thu, 31 Aug 2023 17:03:46 -0400 Subject: [PATCH 2/2] Update background section Stop comparing PST tokens to cookies. Update some other sections to improve the text. --- spec.bs | 49 +++++++++++++++++-------------------------------- 1 file changed, 17 insertions(+), 32 deletions(-) diff --git a/spec.bs b/spec.bs index 1170217..0de8196 100644 --- a/spec.bs +++ b/spec.bs 
@@ -122,43 +122,28 @@ https://eprint.iacr.org/2020/072.pdf Background {#background} ======================== -The Private State Token API provides a mechanism for anonymous authentication. The -API provided by the user agent does not authenticate clients, instead it facilitates -transfer of authentication information. +The Private State Token API provides a mechanism for transfering limited amount +of information across sites. The API provided by the user agent is not the +source of the information, but the facilitator of the cross site transfer. The +API achieves this through use of Privacy Pass protocol described in +[[!PRIVACY-PASS-ARCHITECTURE]], [[!PRIVACY-PASS-AUTH-SCHEME]]. Private State +Tokens API depends on a joint Attester/Issuer deployment. -Authentication of the clients and token signing are both carried by the same -entity referred to as the **issuer**. This is the joint attester and issuer -architecture described in [[!PRIVACY-PASS-ARCHITECTURE]], -[[!PRIVACY-PASS-AUTH-SCHEME]]. - -User agents store tokens in persistent storage. Navigated origins might fetch/spend -tokens in first party contexts or include third party code that fetch/spend -tokens. Spending tokens is called **redeeming**. +User agents store tokens in persistent storage. Navigated origins might +fetch/spend tokens in first party contexts or include third party code that +fetch/spend tokens. Spending tokens is called **redeeming**. Origins may ask the user agent to fetch tokens from the issuers of their choice. Tokens can be redeemed from a different origin than the fetching one. -Private State Tokens API performs cross site anonymous authentication without -using linkable state carrying cookies [[RFC6265]]. Cookies do provide cross -site authentication, however, they fail to provide anonymity. - -[[RFC6265]] requires at least 4096 bytes per cookie and 50 cookies per -domain. 
Compared to this capacity at an origin's disposal, the amount of data -stored in a Private State Token by an issuer is very limited. A token stores a -value from a set of six values (think of a value of an enum type of six -possible values). Hence, a token's storage capacity is between 2 and 3 bits (4 -< 6 < 8). This is very small compared to an origin's cookie storage capacity. - -Moreover, Private State Tokens API use cryptographic protocols that prevents -origins from tracking which tokens they issue to which user. When presented with -their tokens, issuers can verify they issued them but cannot link the -tokens to the context of their issuance. Cookies do not have this property. - -Unlike cookies, storing multiple tokens from an issuer does not deteriorate -privacy of the user due to the unlinkability of the tokens. The Private -State Token API allows at most 2 different issuers in a top level origin. This -is to limit the information stored for a user when the issuers are -collaborating. +Privacy Pass protocol is designed to prevent issuers from tracking which tokens +they issued to which user agent. When presented with their tokens, issuers can +verify they issued them but cannot link the tokens to the context of their +issuance. Private State Token API retains this unlinkability property. + +The Private State Token API allows at most 2 different issuers for a given top +level origin. This is to limit the availability of cross site information in +case issuers are collaborating. Private State Token operations rely on [[!FETCH]]. A fetch request corresponding to a specific Private State Token operation can be created and used as a parameter to the
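Review bot: In PATCH 1/2 (the hunk at `@@ -142,16 +142,12 @@`), the replacement paragraph still compares two different quantities: a per-token capacity ("between 2 and 3 bits (4 < 6 < 8)", i.e. log2(6) ≈ 2.58 bits for a single token) against an origin's aggregate cookie budget ("at least 4096 bytes per cookie and 50 cookies per domain"). A user agent can hold more than one token from an issuer, so the honest comparison is either per-token versus per-cookie, or total token capacity (tokens stored × log2(6) bits) versus total cookie capacity. Suggest stating the number of tokens a user agent may store per issuer alongside the per-token figure, or dropping the numeric comparison altogether (as PATCH 2/2 then does). The removal of the "50 x 4096 x 2^8 unique identifiers" sentence is correct regardless, since that arithmetic did not express a number of distinguishable states.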
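Review bot: In PATCH 2/2 (the hunk at `@@ -122,43 +122,28 @@`), the new opening sentence has a spelling error and a missing article: "a mechanism for transfering limited amount of information" should read "a mechanism for transferring a limited amount of information". The same hunk also drops the explanation that "Authentication of the clients and token signing are both carried by the same entity referred to as the **issuer**", leaving only "Private State Tokens API depends on a joint Attester/Issuer deployment"; since "issuer" is used unexplained in the retained sentence "Origins may ask the user agent to fetch tokens from the issuers of their choice", suggest keeping a one-line definition of the issuer role (and that attestation and issuance are performed by that same entity) next to the joint Attester/Issuer sentence.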