Closed chris-wood closed 2 years ago
We do have this for client key rotation, but we can expand and also talk about issuer secret rotation.
ANON_ORIGIN_ID MUST be a stable and unpredictable 32-byte value computed by the Client. Clients MUST NOT change this value across token requests for the same ORIGIN_NAME. Doing so will result in token issuance failure (specifically, when a Mediator rejects a request upon detecting two ANON_ORIGIN_ID values that map to the same Origin).
If the issuer changes its key too frequently, it ends up letting clients lie, so it's shooting itself in the foot.
The issuer secret should probably change no more frequently than the issuer token key itself.
Discussing adding text to: https://tfpauly.github.io/privacy-proxy/draft-privacypass-rate-limit-tokens.html#section-5.1.3
Explain rotation strategy (don't rotate more frequently than policy window rotations, at least 2x the window).
Currently, the stable mapping computes a function over the client's secret and a key associated with the origin. If this key rotates, mediator state is no longer valid. We should write text that deals with this edge case. (Unrelated, we also need a better name for the thing called a "stable mapping" 🤷 )
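To make the edge case in this thread concrete, here is an added Python model of the stable mapping and the Mediator's consistency check. It is example code written for this page, not code from the privacy-proxy draft or its authors. The two derivations (`client_anon_origin_id`, `issuer_origin_index`) are hypothetical PRF constructions chosen only to reproduce the property the discussion relies on: the client-side value is stable for a given origin, while the issuer-side index depends on a key associated with the origin and therefore changes when that key rotates. Epoch numbers, the 7-day policy window and all secrets are constructed values.

```python
import hmac
import hashlib
from collections import defaultdict

# Constructed example parameter, not a value from the draft.
POLICY_WINDOW_DAYS = 7


def client_anon_origin_id(client_secret: bytes, origin_name: str) -> bytes:
    """Hypothetical client-side stable mapping: a PRF of the origin name under the
    client's secret. It is 32 bytes, unpredictable without the secret, and identical
    for every request to the same origin, which is what the quoted draft text requires."""
    return hmac.new(client_secret, origin_name.encode(), hashlib.sha256).digest()


def issuer_origin_index(origin_key: bytes, client_key_id: bytes) -> bytes:
    """Hypothetical issuer-side index: a PRF of the client's stable key identifier
    under the key associated with the origin. This is the value that the thread
    points out becomes invalid for the Mediator's state once the origin key rotates."""
    return hmac.new(origin_key, client_key_id, hashlib.sha256).digest()


class Mediator:
    """Keeps, per (client, issuer key epoch), a one-to-one binding between
    ANON_ORIGIN_ID values and issuer origin indices. Keying the state by epoch is
    the assumed way of handling rotation: old bindings are simply not consulted."""

    def __init__(self):
        self.state = defaultdict(lambda: {"by_anon": {}, "by_index": {}})

    def request(self, client: str, epoch: int, anon_id: bytes, index: bytes) -> bool:
        s = self.state[(client, epoch)]
        bound_index = s["by_anon"].get(anon_id)
        bound_anon = s["by_index"].get(index)
        if bound_index is not None and bound_index != index:
            # The same ANON_ORIGIN_ID now resolves to a different origin index.
            return False
        if bound_anon is not None and bound_anon != anon_id:
            # Two ANON_ORIGIN_ID values map to the same origin: reject, as the draft says.
            return False
        s["by_anon"][anon_id] = index
        s["by_index"][index] = anon_id
        return True


def rotation_is_acceptable(rotation_interval_days: int,
                           policy_window_days: int = POLICY_WINDOW_DAYS) -> bool:
    """Rule proposed in the thread: the origin key should rotate no more often than
    the policy window, with at least 2x the window as the interval."""
    return rotation_interval_days >= 2 * policy_window_days


def run_scenario() -> dict:
    """Walks through the four cases discussed: honest reuse, a client presenting a
    fresh ANON_ORIGIN_ID for the same origin, an honest client after key rotation
    when the Mediator ignores epochs, and the same client when state is per-epoch."""
    client_secret = b"constructed-client-secret"
    client_key_id = b"constructed-client-key-id"
    origin = "origin.example"  # constructed origin name
    med = Mediator()

    anon = client_anon_origin_id(client_secret, origin)
    idx_epoch1 = issuer_origin_index(b"constructed-origin-key-epoch-1", client_key_id)
    honest = med.request("c1", 1, anon, idx_epoch1)

    # Misbehaving client: new ANON_ORIGIN_ID, same origin, same epoch -> rejected.
    lying = med.request("c1", 1, hashlib.sha256(b"fresh-anon-id").digest(), idx_epoch1)

    # Origin key rotates; the issuer index changes. Against epoch-1 state the honest
    # client's stable ANON_ORIGIN_ID now looks inconsistent and is rejected.
    idx_epoch2 = issuer_origin_index(b"constructed-origin-key-epoch-2", client_key_id)
    stale_state = med.request("c1", 1, anon, idx_epoch2)

    # With state keyed by epoch the honest client is accepted again.
    new_epoch = med.request("c1", 2, anon, idx_epoch2)

    return {"honest": honest, "lying": lying,
            "stale_state": stale_state, "new_epoch": new_epoch}


if __name__ == "__main__":
    print(run_scenario())
    print("rotate every 14 days ok:", rotation_is_acceptable(14))
    print("rotate every 3 days ok:", rotation_is_acceptable(3))
```

The `new_epoch` case also shows why rotating too often "lets clients lie": every epoch boundary discards the binding, so a client could present a different ANON_ORIGIN_ID per epoch for the same origin without the Mediator ever seeing two of them together. That is the reason the rotation interval needs to be tied to the policy window rather than chosen independently.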