Misunderstanding of identifiers used in Trust Anchor IDs

[dadrian]

In "Fingerprinting and Client Privacy"

Trust Anchors improves on this design slightly, by having the client only expose the specific trust anchor it wants to use in this particular interaction with a website. [...] If the same identifiers are used between different root programs, then the privacy impact would be mitigated, but so would the utility of the signal.

There appears to be a misunderstanding. The identifiers in Trust Anchor IDs identify CAs used by the server, not root stores in use by the client. The CA identifiers are a global namespace interpreted (or ignored) by clients. See Section 8, Privacy Considerations. The utility of the signal is strongest when the namespace is global, as it would be a consistent identifier for what CAs are in use to all past, present, and future clients. I believe this may have been addressed recently in the draft: https://github.com/davidben/tls-trust-expressions/pull/46/files.

Please make sure your analysis reflects the latest version of the draft, and the full content of the Privacy Considerations section.

[dennisjackson]

The comments reflect the draft submitted for consideration at IETF 120. If you're not aware, IETF drafts are frozen during meetings to allow for meaningful discussion.