| rfc9578v3.txt | rfc9578.txt | |||
|---|---|---|---|---|
| Internet Engineering Task Force (IETF) S. Celi | Internet Engineering Task Force (IETF) S. Celi | |||
| Request for Comments: 9578 Brave Software | Request for Comments: 9578 Brave Software | |||
| Category: Standards Track A. Davidson | Category: Standards Track A. Davidson | |||
| ISSN: 2070-1721 NOVA LINCS, Universidade NOVA de Lisboa | ISSN: 2070-1721 NOVA LINCS, Universidade NOVA de Lisboa | |||
| S. Valdez | S. Valdez | |||
| Google LLC | Google LLC | |||
| C. A. Wood | C. A. Wood | |||
| Cloudflare | Cloudflare | |||
| May 2024 | June 2024 | |||
| Privacy Pass Issuance Protocols | Privacy Pass Issuance Protocols | |||
| Abstract | Abstract | |||
| This document specifies two variants of the two-message issuance | This document specifies two variants of the two-message issuance | |||
| protocol for Privacy Pass tokens: one that produces tokens that are | protocol for Privacy Pass tokens: one that produces tokens that are | |||
| privately verifiable using the Issuer Private Key and one that | privately verifiable using the Issuer Private Key and one that | |||
| produces tokens that are publicly verifiable using the Issuer Public | produces tokens that are publicly verifiable using the Issuer Public | |||
| Key. Instances of "issuance protocol" and "issuance protocols" in | Key. Instances of "issuance protocol" and "issuance protocols" in | |||
| skipping to change at line 725 ¶ | skipping to change at line 725 ¶ | |||
| Content-Length: <Length of TokenResponse> | Content-Length: <Length of TokenResponse> | |||
| <Bytes containing the TokenResponse> | <Bytes containing the TokenResponse> | |||
| 6.3. Finalization | 6.3. Finalization | |||
| Upon receipt, the Client handles the response and, if successful, | Upon receipt, the Client handles the response and, if successful, | |||
| processes the content as follows: | processes the content as follows: | |||
| authenticator = | authenticator = | |||
| Finalize(pkI, nonce, blind_sig, blind_inv) | Finalize(pkI, PrepareIdentity(token_input), blind_sig, blind_inv) | |||
| The Finalize function is defined in Section 4.4 of [BLINDRSA]. If | The Finalize function is defined in Section 4.4 of [BLINDRSA]. If | |||
| this succeeds, the Client then constructs a token as described in | this succeeds, the Client then constructs a token as described in | |||
| [AUTHSCHEME] as follows: | [AUTHSCHEME] as follows: | |||
| struct { | struct { | |||
| uint16_t token_type = 0x0002; /* Type Blind RSA (2048-bit) */ | uint16_t token_type = 0x0002; /* Type Blind RSA (2048-bit) */ | |||
| uint8_t nonce[32]; | uint8_t nonce[32]; | |||
| uint8_t challenge_digest[32]; | uint8_t challenge_digest[32]; | |||
| uint8_t token_key_id[32]; | uint8_t token_key_id[32]; | |||
| skipping to change at line 1032 ¶ | skipping to change at line 1032 ¶ | |||
| Author: See the Authors' Addresses section of RFC 9578. | Author: See the Authors' Addresses section of RFC 9578. | |||
| Change controller: IETF | Change controller: IETF | |||
| 9. References | 9. References | |||
| 9.1. Normative References | 9.1. Normative References | |||
| [ARCHITECTURE] | [ARCHITECTURE] | |||
| Davidson, A., Iyengar, J., and C. A. Wood, "The Privacy | Davidson, A., Iyengar, J., and C. A. Wood, "The Privacy | |||
| Pass Architecture", RFC 9576, DOI 10.17487/RFC9576, May | Pass Architecture", RFC 9576, DOI 10.17487/RFC9576, June | |||
| 2024, <https://www.rfc-editor.org/info/rfc9576>. | 2024, <https://www.rfc-editor.org/info/rfc9576>. | |||
| [AUTHSCHEME] | [AUTHSCHEME] | |||
| Pauly, T., Valdez, S., and C. A. Wood, "The Privacy Pass | Pauly, T., Valdez, S., and C. A. Wood, "The Privacy Pass | |||
| HTTP Authentication Scheme", RFC 9577, | HTTP Authentication Scheme", RFC 9577, | |||
| DOI 10.17487/RFC9577, May 2024, | DOI 10.17487/RFC9577, June 2024, | |||
| <https://www.rfc-editor.org/info/rfc9577>. | <https://www.rfc-editor.org/info/rfc9577>. | |||
| [BLINDRSA] Denis, F., Jacobs, F., and C. A. Wood, "RSA Blind | [BLINDRSA] Denis, F., Jacobs, F., and C. A. Wood, "RSA Blind | |||
| Signatures", RFC 9474, DOI 10.17487/RFC9474, October 2023, | Signatures", RFC 9474, DOI 10.17487/RFC9474, October 2023, | |||
| <https://www.rfc-editor.org/info/rfc9474>. | <https://www.rfc-editor.org/info/rfc9474>. | |||
| [HTTP] Fielding, R., Ed., Nottingham, M., Ed., and J. Reschke, | [HTTP] Fielding, R., Ed., Nottingham, M., Ed., and J. Reschke, | |||
| Ed., "HTTP Semantics", STD 97, RFC 9110, | Ed., "HTTP Semantics", STD 97, RFC 9110, | |||
| DOI 10.17487/RFC9110, June 2022, | DOI 10.17487/RFC9110, June 2022, | |||
| <https://www.rfc-editor.org/info/rfc9110>. | <https://www.rfc-editor.org/info/rfc9110>. | |||
| End of changes. 4 change blocks. | ||||
| 4 lines changed or deleted | 4 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. | ||||