tfpauly / privacy-proxy

Specifications for Privacy Proxy Implementations

Stable mapping per-origin key rotation #111

Closed chris-wood closed 2 years ago

chris-wood commented 2 years ago

Currently, the stable mapping computes a function over the client's secret and a key associated with the origin. If this key rotates, mediator state is no longer valid. We should write text that deals with this edge case. (Unrelated, we also need a better name for the thing called a "stable mapping" 🤷 )

tfpauly commented 2 years ago

We do have this for client key rotation, but we can expand and also talk about issuer secret rotation.

ANON_ORIGIN_ID MUST be a stable and unpredictable 32-byte value computed by the Client. Clients MUST NOT change this value across token requests for the same ORIGIN_NAME. Doing so will result in token issuance failure (specifically, when a Mediator rejects a request upon detecting two ANON_ORIGIN_ID values that map to the same Origin).

tfpauly commented 2 years ago

If the issuer changes its key too frequently, it ends up letting clients lie, so it's shooting itself in the foot.

The issuer secret should probably change no more frequently than the issuer token key itself.

tfpauly commented 2 years ago

Discussing adding text to: https://tfpauly.github.io/privacy-proxy/draft-privacypass-rate-limit-tokens.html#section-5.1.3

Explain rotation strategy (don't rotate more frequently than policy window rotations, at least 2x the window).
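A small simulation of the failure mode discussed in this thread, added here as an illustration and not code from the privacy-proxy drafts: an HMAC over the client secret and origin key stands in for the draft's real stable-mapping construction (an assumption), a Mediator counts tokens per origin index within a policy window, and an origin-key rotation inside that window produces a new index, so the count silently restarts. The 2x-window rotation rule from the last comment is checked separately.

```python
import hmac
import hashlib
from datetime import datetime, timedelta

# Hypothetical stand-in for the draft's stable mapping. The real construction is a
# blinded derivation between Client and Issuer, not a plain HMAC over shared bytes.
def stable_mapping(client_secret: bytes, origin_key: bytes) -> bytes:
    """Index the Mediator uses to track one (client, origin) pair."""
    return hmac.new(client_secret, origin_key, hashlib.sha256).digest()

class Mediator:
    """Counts tokens issued per (client, origin index) inside one policy window."""
    def __init__(self, policy_window: timedelta, limit: int):
        self.policy_window, self.limit = policy_window, limit
        self.state = {}  # (client_id, origin_index) -> (count, window_start)

    def admit(self, client_id: str, origin_index: bytes, now: datetime) -> bool:
        key = (client_id, origin_index)
        count, start = self.state.get(key, (0, now))
        if now - start >= self.policy_window:  # window elapsed: start a fresh one
            count, start = 0, now
        if count >= self.limit:
            return False
        self.state[key] = (count + 1, start)
        return True

def rotation_interval_ok(rotation_minutes: int, window_minutes: int) -> bool:
    """Rule from the thread: rotate the origin key no faster than 2x the policy window."""
    return rotation_minutes >= 2 * window_minutes

def tokens_obtained(rotation_minutes: int) -> int:
    """Tokens one client gets from one origin over two 1-hour windows (limit 3 per window).

    Constructed scenario: the Issuer rotates the origin key every `rotation_minutes`,
    and the client requests a token every 5 minutes. A rotation inside the window
    yields a new index, so the Mediator's per-origin count silently restarts.
    """
    window_minutes, limit = 60, 3
    mediator = Mediator(timedelta(minutes=window_minutes), limit)
    client_secret = b"constructed-client-secret"
    t0, issued = datetime(2024, 1, 1), 0
    for minute in range(0, 2 * window_minutes, 5):
        now = t0 + timedelta(minutes=minute)
        epoch = minute // rotation_minutes  # which origin-key version is live
        origin_key = b"constructed-origin-key-v%d" % epoch
        index = stable_mapping(client_secret, origin_key)
        if mediator.admit("client-A", index, now):
            issued += 1
    return issued
```

With a 2-hour rotation the client is held to 3 tokens per window (6 in total); with a 15-minute rotation every rotation looks like a new origin to the Mediator and all 24 requests are admitted.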