search

GoogleChrome / private-tokens

Apache License 2.0
39 stars 9 forks source link

Private State Token Issuer Request - MAIL.RU #27

Open NET-BEAR opened 1 month ago

NET-BEAR commented 1 month ago

Issuer Name

MAIL.RU

Origin

https://privacy-cs.mail.ru/

Contact Email

adnetwork@vk.company

Key Commitment Endpoint URL

https://privacy-cs.mail.ru/private_state_tokens/key_commitment

Purpose

Checking user authorization on sites that use authorization services and detect fraud and bots.

Disclosure and Acknowledgement

  1. I understand the technical restrictions on key rotation frequency of 60 days in the PST API.
  2. I understand that my issuer registration will be valid for a period of six months after the key commitment is accepted, and that I will need to re-register in this repository following that six-month period.
  3. I understand that in the future renewing my registration for this API may have additional requirements, to reduce the risk of abuse by token issuers.
dvorak42 commented 1 month ago

Your key commitment endpoint appears to 404 and doesn't return valid PST keys.

NET-BEAR commented 1 day ago

My apologies, the domain was indeed unavailable. This endpoint is now operational https://privacy-cs.mail.ru/private_state_tokens/key_commitment

dvorak42 commented 1 day ago

Is it intentional that the origin for the issuer is privacy-ad..., while the key commitment endpoint is privacy-cs...?

If they should be the same, can you please edit the original issue message with the correct domains.

Additionally it appears that privacy-cs.mail.ru/robots.txt is disallowing automated fetching of the key commitments with a wildcard Disallow. You'll need to permit fetching of the key commitments so we're able to correctly fetch and parse the keys.