- From: Charlie Harrison via GitHub <sysbot+gh@w3.org>
- Date: Fri, 06 May 2022 18:58:29 +0000
- To: public-patcg@w3.org
Another question for the IPA proposal. The document mentions it should be possible for third parties to make requests on behalf of other 1Ps. I agree this is a good feature. One attack I didn't see mentioned is malicious parties crafting fake data in the hope of stealing budget from the 1P, by pretending to query on behalf of the 1P. There are many mitigations for this, but it would be good to spell them out. The most obvious one is that if the match key space is high entropy enough, this is just straight up difficult. However, I don't know if we want to design something more robust such that e.g. 1Ps need to attest to working with certain 3Ps up front. -- GitHub Notification of comment by csharrison Please view or discuss this issue at https://github.com/patcg/private-measurement/issues/9#issuecomment-1119926486 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Friday, 6 May 2022 18:58:30 UTC