Open richajaindce opened 1 year ago
In https://github.com/patcg-individual-drafts/ipa/issues/38#issuecomment-1471281272 @bmcase reminds us that we need to have the site pick whether the event is a source or trigger event. That means
enum PrivateAttributionEventType {
"source",
"trigger",
}
Adding that as an argument to getEncryptedMatchKey
outside of the options is probably the right answer.
I'm looking through the minutes and I'm not sure we aligned on the interface for getEncryptedMatchKey
. I.e. do we want PrivateAttributionOptions to have a mandatory field for the helper party network or have the helper party network exist out of the options dict?
I'm looking through the minutes and I'm not sure we aligned on the interface for
getEncryptedMatchKey
. I.e. do we want PrivateAttributionOptions to have a mandatory field for the helper party network or have the helper party network exist out of the options dict?
As report collector can only trust one HPN for the given epoch, I think we decided to keep HPN as a mandatory argument for getEncryptedMatchKey. This would ensure that even if the browser trusts multiple HPN, there is no ambiguity which HPN to choose.
As I think we previously discussed though, it might be helpful to have the necessary information present for the browser to use, rather than have it know about things like commitments and such. The helper parties will enforce these constraints, but the process will be smoother if they are supplied, always.
Sorry I think I wasn't clear, the alternative I remember discussing was:
getEncryptedMatchKey("https://reportcollector.exmaple", {
eventType: "source",
helperNetwork: ["https://helper1.example", "https://helper2.example"]
});
Where both eventType
and helperNetwork
must be supplied. Having these as non-positional arguments is less brittle if we want to change things around here in the future.
This PR tries to define the interface of the two client-side APIs:
getEncryptedMatchKey
andgetHelperNetworks
. These would be the interfaces user-agents (like Chromium, Gecko, Webkit etc) would expose to developers.Proposed API surface
getEncryptedMatchKey
getEncryptedMatchKey
API allows retrieval of an encryption of secret-shares of the match key that was previously set. If not found, this API also generates a random value for the matchkey, and stores it.API arguments
eventType
: specifies if this is a source or a trigger eventhelperNetwork
: Helper party network towards which the match keys should be encryptedoptions
: Optional arguments which might be required to be passedAPI implementation detail
Step 1: Find the correct match_key
Step 2: Split match_key into 3 shares
Step 3: Prefix eventType to each packet
Step 4: Encrypt packets
getHelperNetworks
for details).Please note that
API return type
This has been covered in detail in #50
getHelperNetworks
The third API,
getHelperNetworks
returns a list of the helper party networks towards which the browser is willing to encrypt match keys.About public encryption keys: Browsers will need to know which public keys to use when encrypting data inside getEncryptedMatchKey(). This can be hard-coded into the browser, part of some sort of configuration system, or periodically downloaded from helpers. This needs to be globally consistent to prevent the choice of key from being used to identify users; see https://datatracker.ietf.org/doc/html/draft-ietf-privacypass-key-consistency
About PrivateAttributionNetwork: We won’t provide a constructor for PrivateAttributionNetwork, so that only values that the browser supports can be passed to the options parameter.
Additional Note