Add token key encoding to the registry
chris-wood committed Jul 12, 2023
1 parent 93b4553 commit d865964
Showing 2 changed files with 9 additions and 7 deletions.
7 changes: 5 additions & 2 deletions draft-ietf-privacypass-auth-scheme.md
Expand Up @@ -221,8 +221,9 @@ following parameters:
all challenges.

- "token-key", which contains a base64url encoding of the public key for
use with the issuance protocol indicated by the challenge. Since the length of
the key is not fixed, the base64url value MUST include padding. As an
use with the issuance protocol indicated by the challenge. The encoding of
the public key is determined by the token type; see {{token-types}}. Since the
length of the key is not fixed, the base64url value MUST include padding. As an
Authentication Parameter (`auth-param` from {{!RFC9110, Section 11.2}}), the
value can be either a token or a quoted-string, and might be required to be a
quoted-string if the base64url string includes "=" characters. This parameter
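Review bot: The added sentence "The encoding of the public key is determined by the token type" is descriptive only, and nothing in this paragraph says what a client does when the decoded bytes do not parse under that token type's encoding. Consider stating that the client decodes "token-key" strictly according to the registered Token Key Encoding for the challenge's token type and ignores the parameter on a parse failure, rather than inferring the key format from the bytes.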
Expand Down Expand Up @@ -572,6 +573,7 @@ Template:
* Value: The two-byte identifier for the algorithm
* Name: Name of the issuance protocol
* Token Structure: The contents of the Token structure in {{redemption}}
* Token Key Encoding: The encoding of the "token-key" parameter in {{redemption}}
* TokenChallenge Structure: The contents of the TokenChallenge structure in {{challenge}}
* Publicly Verifiable: A Y/N value indicating if the output tokens are
publicly verifiable
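Review bot: The new "Token Key Encoding" template field points the "token-key" parameter at {{redemption}}, but the first hunk of this commit describes "token-key" as a public key "for use with the issuance protocol indicated by the challenge". Check whether the anchor should be {{challenge}}, as the TokenChallenge Structure field on the next line uses.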
Expand Down Expand Up @@ -639,6 +641,7 @@ for Private Use.
* Value: 0xFF00-0xFFFF
* Name: Private Use
* Token Structure: The contents of the Token structure in {{redemption}}
* Token Key Encoding: N/A
* TokenChallenge Structure: The contents of the TokenChallenge structure in {{challenge}}
* Publicly Verifiable: N/A
* Public Metadata: N/A
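Review bot: "Token Key Encoding: N/A" leaves the 0xFF00-0xFFFF range with no defined key format, while the auth-scheme text changed in this commit now says the encoding "is determined by the token type". If private-use deployments may still send "token-key", say here that the encoding is defined by the deployment, or state that the parameter is not used with these values.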
9 changes: 4 additions & 5 deletions draft-ietf-privacypass-protocol.md
Expand Up @@ -738,6 +738,7 @@ This document updates the "Token Type" Registry from
* Value: 0x0001
* Name: VOPRF (P-384, SHA-384)
* Token Structure: As defined in {{Section 2.2 of AUTHSCHEME}}
* Token Key Encoding: Serialized using SerializeElement from {{Section 2.1 of OPRF}}
* TokenChallenge Structure: As defined in {{Section 2.1 of AUTHSCHEME}}
* Publicly Verifiable: N
* Public Metadata: N
Expand All @@ -752,6 +753,7 @@ This document updates the "Token Type" Registry from
* Value: 0x0002
* Name: Blind RSA (2048-bit)
* Token Structure: As defined in {{Section 2.2 of AUTHSCHEME}}
* Token Key Encoding: Serialized as a DER-encoded SubjectPublicKeyInfo (SPKI) object
* TokenChallenge Structure: As defined in {{Section 2.1 of AUTHSCHEME}}
* Publicly Verifiable: Y
* Public Metadata: N
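Review bot: The Blind RSA entry says only "DER-encoded SubjectPublicKeyInfo (SPKI) object", while the test-vector text removed later in this commit qualified the same object with "as described in {{public-issuer-configuration}}". Carry that reference into this registry line, since the test vectors now point here and would otherwise lose the link to whatever that section requires of the SPKI contents.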
Expand Down Expand Up @@ -1012,8 +1014,7 @@ The test vector below lists the following values:

- skS: The Issuer private Key, serialized using SerializeScalar from
{{Section 2.1 of OPRF}} and represented as a hexadecimal string.
- pkS: The Issuer Public Key, serialized using SerializeElement from
{{Section 2.1 of OPRF}} and represented as a hexadecimal string.
- pkS: The Issuer Public Key, serialized according to the encoding in {{private-token-type}}.
- token_challenge: A randomly generated TokenChallenge structure, represented
as a hexadecimal string.
- nonce: The 32-byte client nonce generated according to {{private-request}},
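Review bot: The rewritten pkS item drops "and represented as a hexadecimal string", which skS and token_challenge in the same list still state. Keep the clause, for example "... serialized according to the encoding in {{private-token-type}} and represented as a hexadecimal string", so the representation of the test vector field stays explicit.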
Expand Down Expand Up @@ -1156,9 +1157,7 @@ The test vector below lists the following values:

- skS: The PEM-encoded PKCS#8 RSA Issuer Private Key used for signing tokens,
represented as a hexadecimal string.
- pkS: The DER-encoded SubjectPublicKeyInfo object carrying the Issuer Public
Key, as described in {{public-issuer-configuration}}, represented as a
hexadecimal string.
- pkS: The Issuer Public Key, serialized according to the encoding in {{public-token-type}}.
- token_challenge: A randomly generated TokenChallenge structure, represented
as a hexadecimal string.
- nonce: The 32-byte client nonce generated according to {{public-request}},
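Review bot: The new pkS line no longer says the value is "represented as a hexadecimal string", unlike the skS item directly above it. Add the clause back after "{{public-token-type}}" so a reader comparing the vector against DER bytes knows the listed value is hex text.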