Privacy Pass HTTP API
draft-ietf-privacypass-http-api-00
Network Working Group S. Valdez
Internet-Draft Google LLC
Intended status: Informational 5 January 2021
Expires: 9 July 2021
Privacy Pass HTTP API
draft-ietf-privacypass-http-api-00
Abstract
This document specifies an integration for Privacy Pass over an HTTP
API, along with recommendations on how key commitments are stored and
accessed by HTTP-based consumers.
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on 9 July 2021.
Copyright Notice
Copyright (c) 2021 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents (https://trustee.ietf.org/
license-info) in effect on the date of publication of this document.
Please review these documents carefully, as they describe your rights
and restrictions with respect to this document. Code Components
extracted from this document must include Simplified BSD License text
as described in Section 4.e of the Trust Legal Provisions and are
provided without warranty as described in the Simplified BSD License.
Table of Contents
1. Introduction
1.1. Terminology
1.2. Layout
1.3. Requirements
2. Privacy Pass HTTP API Wrapping
3. Server key registry
3.1. Key Registry
3.2. Server Configuration Retrieval
4. Key Commitment Retrieval
5. Privacy Pass Issuance
6. Privacy Pass Redemption
6.1. Generic Token Redemption
6.2. Direct Redemption
6.3. Delegated Redemption
7. Security Considerations
8. IANA Considerations
8.1. Well-Known URI
9. Normative References
Author's Address
1. Introduction
The Privacy Pass protocol as described in
[draft-davidson-pp-protocol] can be integrated with a number of
different settings, from server to server communication to browsing
the internet.
In this document, we will provide an API to use for integrating
Privacy Pass with an HTTP framework. Providing the format of HTTP
requests and responses needed to implement the Privacy Pass protocol.
1.1. Terminology
We use the same definition of server and client that is used in
[draft-davidson-pp-protocol] and [draft-davidson-pp-architecture].
We assume that all protocol messages are encoded into raw byte format
before being sent. We use the TLS presentation language [RFC8446] to
describe the structure of protocol messages.
1.2. Layout
* Section 2: Describes the wrapping of messages within HTTP
requests/responses.
* Section 3: Describes how HTTP clients retrieve server
configurations and key commitments.
* Section 5: Describes how issuance requests are performed via a
HTTP API.
* Section 6: Describes how redemption requests are performed via a
HTTP API.
1.3. Requirements
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119].
2. Privacy Pass HTTP API Wrapping
Messages from HTTP-based clients to HTTP-based servers are performed
as GET and POST requests. The messages are sent via the "Sec-
Privacy-Pass" header.
"Sec-Privacy-Pass" is a Dictionary Structured Header
[draft-ietf-httpbis-header-structure-15]. The dictionary has two
keys:
* "type" whose value is a String conveying the function that is
being performed with this request.
* "body" whose value is a byte sequence containing a Privacy Pass
protocol message.
Note that the requests may contain addition Headers, request data and
URL parameters that are not specified here, these extra fields should
be ignored, though may be used by the server to determine whether to
fulfill the requested issuance/redemption.
3. Server key registry
A client SHOULD fetch a server's current public key information prior
to performing issuance and redemption. This configuration is
accessible via a "CONFIG_ENDPOINT", either provided by the server or
by a global registry that provides consistency and anonymization
Show full document text