Re: [private-measurement] Interoperable Private Attribution (IPA) (#9)

> Another question for the IPA proposal. The document mentions it should be possible for third parties to make requests on behalf of other 1Ps. I agree this is a good feature. One attack I didn't see mentioned is malicious parties crafting fake data in the hope of stealing budget from the 1P, by pretending to query on behalf of the 1P.

Here's how I've been thinking about this:

When a report collector makes an IPA query, it will cost them some amount of money. You have to pay the MPC helper nodes for the compute you use. This implies the existence of some kind of registration process whereby a site / app signs up to run IPA queries, proves ownership of the app / site, and inputs an associated payment instrument. 

So I am assuming all IPA queries will be authenticated server-to-server calls. Authentication parameters must be provided to run the query. As such, it should be impossible for anyone but the 1st party, or their legitimate delegate to run queries. If a delegate abuses their permissions, the 1st party should be able to revoke their permission to run IPA queries on their behalf.

-- 
GitHub Notification of comment by benjaminsavage
Please view or discuss this issue at https://github.com/patcg/private-measurement/issues/9#issuecomment-1120649882 using your GitHub account
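As an added illustration of the authenticated, revocable delegation this comment describes (example code, not part of the IPA proposal or of the patcg repository; the registry, the HMAC-over-canonical-JSON signing, the per-query budget charge and names such as `shop.example` are constructed assumptions), the model below only debits a first party's budget when the request is signed by the first party itself or by a delegate whose grant is currently active, so a forged or undelegated request never spends the first party's money:

```python
"""Toy model of authenticated, delegable IPA query submission.

Constructed illustration (not the IPA proposal's design): every query must be
signed by a registered caller; a caller may act for another first party only
while that first party holds an active, revocable delegation grant.
"""
import hashlib
import hmac
import json
from dataclasses import dataclass, field


@dataclass
class Registry:
    """Hypothetical registration state kept by the query front end."""
    secrets: dict = field(default_factory=dict)  # caller_id -> shared secret (bytes)
    grants: dict = field(default_factory=dict)   # (first_party, delegate) -> active?
    budget: dict = field(default_factory=dict)   # first_party -> remaining budget units

    def register(self, caller_id: str, secret: bytes, budget: int = 0) -> None:
        self.secrets[caller_id] = secret
        self.budget[caller_id] = budget

    def grant(self, first_party: str, delegate: str) -> None:
        self.grants[(first_party, delegate)] = True

    def revoke(self, first_party: str, delegate: str) -> None:
        self.grants[(first_party, delegate)] = False


def canonical(query: dict) -> bytes:
    """Stable serialisation so signer and verifier hash identical bytes."""
    return json.dumps(query, sort_keys=True, separators=(",", ":")).encode()


def sign(secret: bytes, query: dict) -> str:
    return hmac.new(secret, canonical(query), hashlib.sha256).hexdigest()


def authorize(reg: Registry, query: dict, signature: str, cost: int = 1) -> tuple:
    """Return (accepted, reason); the payer's budget is charged only on acceptance."""
    caller = query.get("caller")
    payer = query.get("on_behalf_of", caller)
    secret = reg.secrets.get(caller)
    if secret is None:
        return False, "unknown caller"
    if not hmac.compare_digest(sign(secret, query), signature):
        return False, "bad signature"
    if payer != caller and not reg.grants.get((payer, caller), False):
        return False, "no active delegation"
    if payer not in reg.budget or reg.budget[payer] < cost:
        return False, "insufficient budget"
    reg.budget[payer] -= cost
    return True, "ok"


def demo() -> dict:
    """Run the scenarios from the discussion; all identities are constructed."""
    reg = Registry()
    reg.register("shop.example", b"secret-shop", budget=3)
    reg.register("adtech.example", b"secret-adtech")
    reg.register("attacker.example", b"secret-attacker")
    reg.grant("shop.example", "adtech.example")

    results = {}
    q = {"caller": "shop.example", "on_behalf_of": "shop.example", "epoch": 1}
    results["first_party"] = authorize(reg, q, sign(b"secret-shop", q))
    q = {"caller": "adtech.example", "on_behalf_of": "shop.example", "epoch": 1}
    results["delegate"] = authorize(reg, q, sign(b"secret-adtech", q))
    # A request claiming to be the 1P but lacking the 1P's secret is rejected.
    q = {"caller": "shop.example", "on_behalf_of": "shop.example", "epoch": 2}
    results["impersonation"] = authorize(reg, q, sign(b"secret-attacker", q))
    # A registered caller naming the 1P as payer without a grant is rejected.
    q = {"caller": "attacker.example", "on_behalf_of": "shop.example", "epoch": 2}
    results["undelegated"] = authorize(reg, q, sign(b"secret-attacker", q))
    # After revocation the former delegate can no longer spend the 1P's budget.
    reg.revoke("shop.example", "adtech.example")
    q = {"caller": "adtech.example", "on_behalf_of": "shop.example", "epoch": 3}
    results["revoked"] = authorize(reg, q, sign(b"secret-adtech", q))
    results["remaining_budget"] = reg.budget["shop.example"]
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome)
```

The signature check runs before the delegation check, so the verifier never consults grants or budgets for a request it cannot attribute to a registered caller, and revocation takes effect on the next request because the grant table is read on every call rather than cached in a long-lived token.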


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Monday, 9 May 2022 05:12:37 UTC