wangshan
commented
1 year ago A dishonest Aggregator could read the DAP-Taskprov header, rewrite parts of it, provision the rewritten task in the honest Aggregator using some other means, and then proceed to successfully aggregate reports.
You are right the attack does exist, we should consider adding extension codepoint to report shares, it's a small cost to pay to resolve this issue (similar to what taskprov-02 did when dap-02 has extension on report level, but with zero length extension data).
what do you think @cjpatton? Can we propose that and make taskprov a proper extension of DAP?
cjpatton
The Security Considerations section currently says:
This is not the case if one of the Aggregators doesn't use Taskprov, but instead accepts task parameters (including task ID and VDAF verify key) via some other means. A dishonest Aggregator could read the DAP-Taskprov header, rewrite parts of it, provision the rewritten task in the honest Aggregator using some other means, and then proceed to successfully aggregate reports. This could be addressed by adding a zero-length extension to report shares, as honest Aggregators that don't support Taskprov will reject reports with unknown extensions.
This attack scenario may be a little far-fetched, as in practice I think aggregators will advertise if they support Taskprov. Furthermore, I think it will be common for other kinds of DAP deployments to define their own incompatible derivation relationships between the
task_idandvdaf_verify_key. This came up while writing up ietf-wg-ppm/draft-ietf-ppm-dap#500.