Edge implementation OSS release

privacypass / challenge-bypass-extension

DEPRECATED - Client for Privacy Pass protocol providing unlinkable cryptographic tokens

https://privacypass.github.io

BSD 3-Clause "New" or "Revised" License

1.24k stars 192 forks source link

Edge implementation OSS release #311

Closed ignoramous closed 9 months ago

ignoramous commented 2 years ago

From the readme@6c0c3a80 (emphasis mine):

Cryptography is implemented using the elliptic-curve library SJCL and compression of points is done in accordance with the standard SEC1. This work uses the NIST standard P256 elliptic curve for performing operations. Third-party implementers should note that the outputs of the hash-to-curve, key derivation, and point encoding functions must match their Go equivalents exactly for interaction with our server implementation. More information about this will be provided when the edge implementation is open-sourced.

Opening this bug to track edge impl's (?) OSS release.

ignoramous commented 2 years ago

Is this that edge impl? https://github.com/privacypass/challenge-bypass-server

armfazh commented 2 years ago

iiuc, the line highlighted refers to edge as an edge/serverless service, and does not refer to the Edge browser.

Secondly, the repository you linked was an initial implementation of such an edge service. However, it is likely that right now it is not compatible anymore with the current Privacy Pass extension.

thibmeu commented 9 months ago

Closing for inactivity

ignoramous commented 9 months ago

Edge implementation hasn't been open sourced, though?

thibmeu commented 9 months ago

The initial edge service implementation was open sourced in privacypass/challenge-bypass-server, as you correctly linked to, and armfazh confirmed. There has been no activity after their comment, therefore closing.

If this repo is linked directly from the README, would this help? If not, what actions would you like to be taken?

ignoramous commented 9 months ago

armfazh specifically said "the line highlighted refers to edge as an edge/serverless service"

the golang repo linked to above (which is now outdated) isn't "edge/serverless" (which usually is written in javascript/typescript/rust for Cloudflare Workers)?

thibmeu commented 9 months ago

While I agree having an open source Workers implementation would be valuable, this is an issue with the origin server, not the extension. The README has been updated in this commit.

You might be interested to look at implementations of the IETF protocol. The extension is getting updated to support it, and is going to be compatible with other implementations. I'll post an update here once a Workers based implementation of the latest draft is published, due to the lack of good place to track this feature request.

If you could share a use case, it would help the team to prioritise this work.