ARC

Cathie's question to the group about scope of interest to working group?
Further, is it appropriate to change privacy requirements for this use
case? Nonce options in terms of public vs. hidden? Lastly, would like to
have ARC adopted as a privacy pass type.

Questions
Samuel: Publicly verifiability great, would be good to have in the same
spec. Nonces, there is a way to arbitrarily have a non-power of 2 rate.
Cathie is not convinced by the approach. Sam supports work item and
advocates for hidden nonce

Raphael: is this pseudonomous? A: not intended to construct pseudonyms,
every tag is meant to be unique. However, if you allow a user to reuse a
nonce or set rate limit to 1, then you do get pseudonyms. But not
intended.

Tommy Pauly (apple): Original rate limiting was focusesd on per origin,
but gets complicated quickly. Would like to see us adopt ARC. Ideally
one spec as well, but if 2 specs are used would love to see one
overarching doc for privacy pass somewhere. Power of 2 rate limit is
awkard, let's avoid if possible.

Chris Patton: support adoption. Private vs. public verifiabiltity is up
to authors. Arc further along than BDS. Hidden nonce should be a
requirement, and power of 2 is ok for now. How much could we modify ARC
if new use cases come up? A: Possibly the use case is not suited by ARC,
but perhaps an ARC extension. Not sure if this would be the same token
type or a new one.

Chris wood: Nonce should be hidden. Would be amenable to changes if
adopted, because it is up to the wg at that point.

Thibault: rate limit options, agree that powers of 2 is weird but has
nice privacy properties and doesn't require fancy crypto. Very appealing
to reduce number of tokens. Verifiability, public is nice but maybe not
required for experimenting. support adoption.

Stefan: Has there been discussions with european wallet specifications?
A: Seems like it does not fit but happy to discuss offline

David Schinazi: will we have a call for adoption? chairs: yes, will
start one very soon.

Privacy Pass Enhancement

Watson Ladd
Questions
Chris: Desire to case after fancy cryto. ARC is somewhat different, or
more fancy, but very concrete, simple and solves a specific problem.
Would support consideration if the problem was more specific or scoped.
Don't want to discourage investigation into novel crypto, but it would
be helpful to focus if we tackle known problems. A: There was no
discussion into suitability of post-quantum, so argues that that is a
problem to solve.

Thibault: would support but we need to prioritize practical problems
right now.

Anonymous credit tokens

Sam
Questions
Sam: question to the group, is this a good fit for privacy pass wg?
These tokens would not support linkability.

Scott: very excited about this work, I am a deployer of systems that use
tons of blind tokens, and would in some cases like the flexibility this
provides. Useful for abuse control and access contol. Supportive, feels
like a nice extension.

Tommy: Properties about feedback and spending feels natural and has come
up a lot here in privacy pass. Definitely something there, and related
to this work. How would this work in conjuntion with other privacy pass
efforts? Let's do as the next step. A: agreed, and will work on a doc

Chris patton: fits into privacy pass. Application security, easy to make
mistakes

David: IP protection useful, supports and looking forward to

Thibault: +1 to what Tommy said

Cathie: Interested in this. Have other draft in CFRG, this has some
better properties. This is worth solving

Eric Trouton: Very supportive. Love private feedback mechanisms.
Interested in this from anti-abuse perspective. Curious if token
harvesting attacks are in scope, and if folks feel comfortable talking
about specific attacks we are seeing in practice.

Dennis Jackson: This is very interesting. Want to see it progress.

Sam: (scribe missed this last point sorry)

Actions

Adoption call will start for ARC