IRC log of trusttokens on 2019-09-18
Timestamps are in UTC.
- 01:42:14 [RRSAgent]
- RRSAgent has joined #trusttokens
- 01:42:14 [RRSAgent]
- logging to https://www.w3.org/2019/09/18-trusttokens-irc
- 01:42:21 [koalie]
- RRSAgent, make logs public
- 01:42:28 [koalie]
- koalie has changed the topic to: https://w3c.github.io/tpac-breakouts/sessions.html
- 01:42:30 [koalie]
- koalie has left #trusttokens
- 08:37:13 [RRSAgent]
- RRSAgent has joined #trusttokens
- 08:37:13 [RRSAgent]
- logging to https://www.w3.org/2019/09/18-trusttokens-irc
- 08:37:16 [Zakim]
- Zakim has joined #trusttokens
- 08:37:20 [toml]
- present+
- 08:37:23 [kleber]
- kleber has joined #trusttokens
- 08:37:24 [Ian]
- Scribenick: toml
- 08:37:25 [kleber]
- present+
- 08:37:27 [toml]
- scribenick: toml
- 08:37:28 [Ian]
- Meeting: Trust Tokens
- 08:37:36 [Ian]
- present+
- 08:37:56 [toml]
- kleber: Trust Tokens are an API from Chrome's Privacy Sandbox
- 08:38:25 [toml]
- …: history: build on Cloudflare's Privacy Pass
- 08:38:29 [Ian]
- -> https://github.com/dvorak42/trust-token-api Trust Token Explainer
- 08:38:30 [blassey]
- blassey has joined #trusttokens
- 08:38:36 [toml]
- …: want to extend to new uses in this privacy world
- 08:38:43 [MasayaIkeo]
- MasayaIkeo has joined #trusttokens
- 08:38:51 [toml]
- …: goal is to help prevent fraud & abuse
- 08:39:07 [toml]
- …: today, this involves detecting patterns of malicious behavior
- 08:39:17 [dave]
- dave has joined #trusttokens
- 08:39:20 [toml]
- …: if you can't recognize people, that ability vanishes
- 08:39:28 [weiler]
- weiler has joined #trusttokens
- 08:39:43 [johnwilander]
- johnwilander has joined #trusttokens
- 08:39:44 [toml]
- …: this is an attempt to retain some spam/fraud-fighting capabilities while also removing identification/tracking
- 08:39:58 [toml]
- …: core tech: blinded tokens which are crypto magic
- 08:40:24 [toml]
- …: an issuer mints tokens signed with a cryptographic key in a ritual between browser and issuer
- 08:41:32 [Ian]
- toml: Did you mean "indistinguishable from any token signed with the same key"
- 08:42:00 [Ian]
- ...I think they are distinguishable from one another, but you can't tell which one was emitted with a given issuing event
- 08:42:14 [wseltzer]
- wseltzer has joined #trusttokens
- 08:42:41 [Ian]
- toml: They are distinguishable, but not correlatable (across different sites)
- 08:43:00 [toml]
- …: tokens are cryptographically guaranteed to have been issued by the issuer, but each token
- 08:43:58 [toml]
- kleber: tokens are unique, but the issuer doesn't know which tokens it's issued, only how many it's issued and redeemed
- 08:44:13 [toml]
- [some clarification of token primitive]
- 08:44:42 [Ian]
- Chair: Michael Kleber
- 08:44:44 [toml]
- kleber: tokens represent one bit of information: "at some point in the past you trusted me"
- 08:44:53 [Ian]
- (Ian likes "a message to its future self" :)
- 08:45:09 [toml]
- …: way for issuer to send a message to self in future, and message is "you trust this person"
- 08:45:27 [toml]
- …: ex banks might issue tokens to their legit customers
- 08:45:37 [toml]
- …: or Google might give them to longtime search users
- 08:46:01 [toml]
- …: original use case was to represent having completed a CAPTCHA for anonymous user (via Tor)
- 08:47:04 [toml]
- …: Tor users saw dozens of CAPTCHA request on Cloudflare. TT/PP give you a stock of tokens whenever you complete a CAPTCHA, and then you can spend them to avoid future CAPTCHAS for a while
- 08:47:10 [toml]
- …: fine when there's one issuer
- 08:47:28 [toml]
- …: want this to be a web standard where many people can issue tokens in different cases, and no need to use an extension
- 08:47:52 [toml]
- …: needs some limits, imagine 100 issuers — which of those you're holding tokens from might constitute an ID
- 08:48:10 [toml]
- …: so some limit on how many issuers you can be asked to pend tokens from on the same site
- 08:48:27 [toml]
- tony: is this using any hardware based stuff for key storage
- 08:48:38 [toml]
- kleber: all important crypto is server side
- 08:48:44 [toml]
- tony: platform crypto?
- 08:48:47 [toml]
- kleber: yes
- 08:49:04 [toml]
- …: some browser crypto needed to verify the ZKP non-uniqueness key
- 08:49:12 [toml]
- tony: so what does it use today?
- 08:49:38 [toml]
- kleber: platform crypto rn. no in-browser/js impl. no webcrypto RN, who knows the future.
- 08:49:54 [toml]
- kleber: second capability for our use case: ads!
- 08:50:02 [toml]
- …: we want to avoid ads fraud
- 08:50:06 [toml]
- …: next slide please
- 08:50:15 [toml]
- …: ad companies work hard to fight fraud
- 08:50:23 [toml]
- …: want to keep doing that without 3p cookies
- 08:50:56 [toml]
- …: once you've been given and redeemed a trust token, it'd be useful for your browser on the redeeming site to be able to make requests with a proof of that trust
- 08:51:24 [toml]
- …: present token back to google as verifier, google passes back certificate indicating trust from google on NYtimes
- 08:51:43 [toml]
- …: then you have a persistent gesture of trust
- 08:51:59 [toml]
- …: persistant keypair used for this session transaction
- 08:52:07 [toml]
- tony: not bound to http session?
- 08:52:09 [Ian]
- q?
- 08:52:16 [toml]
- kleber: no, more like cookies?
- 08:52:22 [toml]
- +q to ask about certs
- 08:52:26 [toml]
- tony: how scoped?
- 08:52:34 [toml]
- kleber: haven't decided yet
- 08:53:08 [toml]
- …: probably origin tho? IDK? just use more tokens on more domains.
- 08:53:18 [Ian]
- scribenick: Ian
- 08:53:25 [Ian]
- toml: I want to review the transaction flow you outlined.
- 08:53:41 [Ian]
- ...I'm a browser; google issues trust tokens to me; I have them in the browser and visit news.example.
- 08:53:59 [Ian]
- ...they say "I want a trust token; we accept providers, A, B, and Google"
- 08:54:05 [Ian]
- ....the browser gives a trust token and then google verifies?
- 08:54:28 [Ian]
- Michael: Plausible but we were thinking of a different flow
- 08:54:35 [Ian]
- ...browser asks news.example with a cert
- 08:54:51 [Ian]
- toml: So when presented with a challenge from the news site, the browser does a redemption operation on the issuer site
- 08:55:21 [Ian]
- Michael: You provide a trust token (to the issuer), as well as intended scope (news.example), and if you want to use the feature we were discussing, you bind it to a fresh key pair
- 08:55:52 [Ian]
- toml: You take a pluripotent token and convert it to a scoped cert with a lifetime...and you use it on the site you are visiting, but the only thing it identifies is "I just redeemed a token"
- 08:56:08 [Ian]
- ...and when the user agent decides it's time to clear state,
- 08:56:27 [Ian]
- ..then a new request has to happen. That could happen N times with the identity provider (for N tokens) before a re-auth is required
- 08:56:33 [Ian]
- scribenick: Toml
- 08:56:55 [toml]
- kleber: looking for feedback here
- 08:57:18 [toml]
- …: deanon risk exists even though it's 1 bit at a time
- 08:57:46 [btidor]
- btidor has joined #trusttokens
- 08:57:47 [toml]
- …the sort of attacks are exactly the ones you'd expect
- 08:58:23 [toml]
- …i'm a first party you visit regularly, and i ask for many tokens from different providers; eventually, they can produce a cross-site id from those bits
- 08:58:48 [toml]
- …so you need to box the idp selection per site: can't change providers very often
- 08:59:04 [toml]
- …maybe if they change idps, you need to clear info about that site to avoid leakage
- 08:59:55 [toml]
- …likewise everything about tokens being fungible is dependent on a key being used to sign and redeem: malicious issuers could use unique keys for each visitor making a fungible token into a unique id
- 09:00:22 [urata_]
- urata_ has joined #trusttokens
- 09:00:29 [toml]
- …so like at redemption time you can ask the idp what keys it uses, and it can only tell you a couple of keys so you're not bucketed any more narrowly than that
- 09:00:46 [toml]
- ???: so the issuer could use certain keys per ip?
- 09:00:53 [melanierichards]
- melanierichards has joined #trusttokens
- 09:01:04 [toml]
- kleber: recognizing the user lets them do that
- 09:01:36 [toml]
- ???2: another attack surface — potentially revealing which IDPs you rely on
- 09:02:01 [toml]
- kleber: if you're not affiliated with the idps that a site trusts, then maybe you get a bunch of challenges
- 09:02:07 [toml]
- …seems unlikely
- 09:02:25 [toml]
- tony: is there crypto agility in this?
- 09:02:49 [RRSAgent]
- I have made the request to generate https://www.w3.org/2019/09/18-trusttokens-minutes.html Ian
- 09:02:53 [toml]
- ???3: the voprf spec is an individual draft submitted in the IETF
- 09:03:07 [toml]
- …not adopted yet
- 09:03:16 [toml]
- tony: pointer to the internet draft?
- 09:03:27 [Ian]
- s/???3/Brad_Lassey
- 09:04:07 [Ian]
- s/???3/Brad_Lassey/g
- 09:04:13 [toml]
- toml: there are also way old implementations of blind tokens with no ip implications imo
- 09:04:14 [btidor]
- q+
- 09:04:18 [toml]
- ack toml;
- 09:04:21 [toml]
- ack toml
- 09:04:21 [Zakim]
- toml, you wanted to ask about certs
- 09:04:32 [blassey]
- https://datatracker.ietf.org/doc/draft-irtf-cfrg-voprf/
- 09:05:05 [toml]
- ben: how does issuance work? a first party with lots of confidence in a user. for a payments use case with many different sources of trust? can you use that?
- 09:05:13 [toml]
- kleber: probs not, tbh
- 09:05:26 [toml]
- kleber: the issuer doesn't have to be someone you're visiting right now
- 09:06:05 [toml]
- kleber: news.example could ask for trust-r-us.example to issue stuff just on the basis on news.example activity!
- 09:06:09 [reillyg]
- reillyg has joined #trusttokens
- 09:06:16 [toml]
- …so can be single-domain
- 09:06:31 [toml]
- …cross-domain usage like that would require cross-domain tracking
- 09:06:43 [Ian]
- q+
- 09:07:10 [Ian]
- toml: You said "they need ot avoid linking you to the device"; that's not true...you just need to authenticate one time and you could potentially keep them around on the same or another device
- 09:07:25 [toml]
- …but maybe a credit-card company knows you real well
- 09:07:53 [wseltzer]
- ack ian
- 09:08:08 [toml]
- Ian: so suppose i go to make a payment, the payment handler goes to an issuing bank and gets trust tokens, and that's better than the alternative
- 09:08:33 [blassey]
- q?
- 09:08:37 [toml]
- ben: really thinking of payments without existing relationship
- 09:09:37 [Ian]
- toml: I think that that use case is weird. The issuing bank would issue a credential.
- 09:09:47 [Ian]
- ..and they would be worth money
- 09:09:54 [toml]
- mark: haven't read the proposal in a while
- 09:10:01 [toml]
- …so i'm browsing
- 09:10:02 [rbyers]
- rbyers has joined #trusttokens
- 09:10:11 [toml]
- …and sometimes i accumulate these tokens, just 'cause
- 09:10:24 [toml]
- …and sometimes i do other things, and have to spend those tokens
- 09:10:33 [toml]
- …can that site say which tokens they accept?
- 09:10:46 [toml]
- kleber: yes, can be multiple, can't be many
- 09:10:52 [toml]
- q+ to ask about issuer binding
- 09:11:01 [toml]
- mark: so the goal is for them to represent trust
- 09:11:08 [toml]
- …but they could represent something else
- 09:11:12 [jeffh]
- q?
- 09:11:25 [toml]
- kleber: behold the question: who can be an issuer?
- 09:11:41 [toml]
- …but if we allow anyone to issue them, maybe they're used for non-trust reasons?
- 09:11:45 [toml]
- …what even
- 09:11:53 [toml]
- …what restrictions do we need if we do that
- 09:12:11 [toml]
- mark: but when there's a privileged action, that sounds like consolidation of power
- 09:12:17 [toml]
- …v. interesting
- 09:12:31 [toml]
- kleber: yea, but i hope this sounds pretty benign
- 09:12:38 [toml]
- mark: IDK, you know
- 09:12:44 [toml]
- …could get weird
- 09:12:48 [Ian]
- q?
- 09:12:50 [toml]
- kleber:yeah
- 09:12:59 [toml]
- tony: can they be shared between browsers?
- 09:13:08 [toml]
- kleber: expect them to be browser-specific
- 09:13:24 [toml]
- …not accessible to js apis or ~~~~extensions~~~
- 09:13:45 [Ian]
- ack btidor
- 09:13:49 [toml]
- mwest: possible to for browsers to share if they want, possibly syncing.
- 09:13:50 [Ian]
- ack tom
- 09:13:50 [Zakim]
- toml, you wanted to ask about issuer binding
- 09:13:54 [Ian]
- scribenick: Ian
- 09:14:07 [rmondello]
- rmondello has joined #trusttokens
- 09:14:09 [Ian]
- toml: You mentioned (Michael) limiting a site to only accepting trust tokens from a couple of possible issuers
- 09:14:27 [Ian]
- ...but that seems like it would trap a site in the dilemma of which 3 companies it might rely on.
- 09:14:51 [Ian]
- ...I would suggest that it is innocuous to require a site to pick a small number of parties it is willing to rely on
- 09:15:00 [Ian]
- Michael: It's a tradeoff
- 09:15:08 [Ian]
- ...entropy leakage v. flexibility
- 09:15:26 [Rossen_]
- Rossen_ has joined #trusttokens
- 09:15:32 [Ian]
- toml: I am optimistic that there's an approach that can put a ceiling on the cross-site entropy by having some degree of negotiation between browsers and sites
- 09:15:39 [Rossen_]
- q?
- 09:15:46 [Ian]
- ...where browsers get to pick and may do things inconsistently (intentionally)
- 09:15:53 [toml]
- scribenick: toml
- 09:16:02 [toml]
- ???2: do tokens live forever?
- 09:16:14 [toml]
- kleber: only as long as those issuing keys are valid
- 09:16:22 [toml]
- …browsers could limit key lifetimes
- 09:16:30 [toml]
- …could be some lifetime for those things
- 09:16:39 [toml]
- …but evertokens seem fine too probably
- 09:17:05 [toml]
- …seems like fast rotation is also bad because revealing
- 09:17:08 [toml]
- ben: revocable?
- 09:17:10 [jeffh]
- q?
- 09:17:12 [toml]
- kleber: nope
- 09:17:30 [toml]
- kleber: so probably don't give out too many tokens
- 09:17:44 [Ian]
- toml: I propose "fungible" instead of "indistinguishable"
- 09:17:53 [Ian]
- michael: Sounds good
- 09:18:01 [toml]
- …but maybe that's why you rotate keys
- 09:18:18 [toml]
- kleber: what the browser knows is that the token is signed by a particular key
- 09:18:41 [toml]
- …or it could be signed by any of N keys! that's another neat trick!
- 09:18:41 [Ian]
- toml: Might be compatible with older versions of blind sigs
- 09:19:09 [toml]
- …before, it was signed with a particular key, now it might only be signed with one of several keys
- 09:19:22 [toml]
- …so now you can issue trust and distrust too!
- 09:19:36 [toml]
- …some of those keys are for the good bit, some for the bad bit
- 09:19:58 [toml]
- …so you can secretly issue people bad tokens when they think they're getting good tokens
- 09:20:12 [toml]
- …good for preventing fraud by lengthening the cycle
- 09:20:35 [toml]
- ???2: but presumably the relying site is going to give the game away
- 09:20:50 [toml]
- kleber: no, redemption happens on the issuer site to get that cert
- 09:21:08 [toml]
- …but yes you're right, they might give the game away
- 09:21:21 [toml]
- …but maybe they pretend to do the right thing, but secretly don't
- 09:21:29 [blassey]
- q?
- 09:21:45 [toml]
- john: can consume the tokens and claim legitimacy, but only the user is fooled
- 09:21:50 [wseltzer]
- q+
- 09:21:53 [RRSAgent]
- I have made the request to generate https://www.w3.org/2019/09/18-trusttokens-minutes.html Ian
- 09:22:04 [toml]
- kleber: relevance to conversion measurement
- 09:22:22 [toml]
- john: how to prevent fraud with non-identifying ad-click attribution
- 09:22:23 [wseltzer]
- q+ to ask where you/the room would like to see this go next
- 09:22:45 [toml]
- …soooo, maybe we use trust tokens with the attribution reports to anti-sibyl?
- 09:23:00 [toml]
- …two tokens, one at click time, and one from the advertiser when you convert
- 09:23:15 [toml]
- …but only when the browser associates those events are those things used
- 09:23:44 [toml]
- kleber: yes, multipurpose! can be used for many situations where a server wants to send fungible messages to future self
- 09:23:53 [toml]
- …might not be a single bit, might not need to be hidden
- 09:24:05 [toml]
- …might just want to report a conversion of type seventeen
- 09:24:14 [toml]
- …token wrapped around 17, blind sig on 17
- 09:24:26 [toml]
- …then those private tokens can be passed around like this
- 09:24:45 [toml]
- john: that would make all these advertisers and so on issuers of tokens
- 09:25:26 [RRSAgent]
- I have made the request to generate https://www.w3.org/2019/09/18-trusttokens-minutes.html Ian
- 09:25:28 [Ian]
- ack wsl
- 09:25:30 [toml]
- …one more thing: because of how it's specced for 24-48h delay before reports, proofs can be lazily checked to help prevent sneaky iding
- 09:25:31 [Ian]
- ack ws
- 09:25:31 [Zakim]
- wseltzer, you wanted to ask where you/the room would like to see this go next
- 09:25:46 [toml]
- wendy: where do you and the room see this going next?
- 09:26:05 [toml]
- kleber: for me, personally, most interested in the ad fraud use case as cookies stop being good for that
- 09:26:09 [toml]
- …but clearly lots of them
- 09:26:15 [toml]
- …just came up with another use case
- 09:26:32 [toml]
- …works with microsoft's auditability spec
- 09:26:44 [Ian]
- (Soft proposal: WICG)
- 09:26:46 [toml]
- ???3: so wicg?
- 09:27:06 [toml]
- ???4: does someone else want this?
- 09:27:14 [toml]
- kleber: cloudflare, for sure
- 09:27:17 [Ian]
- s/???3/blassey
- 09:27:18 [toml]
- john: apple too
- 09:27:30 [wseltzer]
- s/???4/rickbyers/
- 09:27:42 [Ian]
- toml: I am not sure WICG is the right venue
- 09:28:04 [Ian]
- wseltzer: WICG can be a place for collaborative development and is designed for that
- 09:28:09 [toml]
- wendy: wicg could support collaborative development!
- 09:28:32 [toml]
- …if there's a pattern of non-collaborative development, that shouldn't reflect the norm
- 09:28:50 [Ian]
- toml: Could be in the privacy CG
- 09:29:02 [toml]
- kleber: seems like wicg is right
- 09:29:45 [Ian]
- toml: My impression of the decision-making mechanic is wicg is that there's one author who writes the spec; that may not be a dynamic that solicits a lot of input
- 09:30:13 [Ian]
- toml: "Trust tokens, very exciting, lots of applications, ready for more work in group TBD!"
- 09:30:21 [RRSAgent]
- I have made the request to generate https://www.w3.org/2019/09/18-trusttokens-minutes.html Ian
- 09:33:21 [MasayaIk_]
- MasayaIk_ has joined #trusttokens
- 10:06:29 [MasayaIkeo]
- MasayaIkeo has joined #trusttokens
- 12:01:18 [dave]
- dave has joined #trusttokens
- 13:19:07 [Zakim]
- Zakim has left #trusttokens
- 13:35:56 [Ian]
- Ian has left #trusttokens