Re: [w3ctag/design-reviews] Early design review request: IPA (Issue #823)

Thank you everyone for the feedback thus far.

I wanted to update the group about a change that we have recently made to the IPA proposal.

In light of both:
1. The risk of events in the browser being linked to events outside of the browser (a risk called out by @csharrison, which we added to the [IPA end-to-end doc](https://github.com/patcg-individual-drafts/ipa/blob/main/IPA-End-to-End.md))
2. The attack @bmcase discovered, and posted about (https://github.com/patcg-individual-drafts/ipa/issues/57), which could be waged by a malicious match key provider

We've opted to remove the setMatchKey API from this proposal. Perhaps, in future, we will find solutions to these problems, but until that time, we would like to explore a simpler proposal which *only* includes a `getEncryptedMatchKey()` API.

The underlying identifier being secret shared in this case would just be a random number, generated by the user-agent, which would never be revealed to any party, just stored on the device.

We hope this simplification will address a number of the concerns listed above.

-- 
https://github.com/w3ctag/design-reviews/issues/823#issuecomment-1517131392

Received on Friday, 21 April 2023 01:30:41 UTC
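The comment above says the remaining identifier is a random number that the user agent generates, stores on the device, and only ever releases as secret shares. The following is an added example, not code from the post or from the IPA repository, showing why that design keeps the identifier out of every single party's hands. It assumes plain additive secret sharing over integers mod 2^64 among three helper parties as a simplified stand-in for IPA's real sharing scheme, and it leaves out the encryption of each share to its helper that the real `getEncryptedMatchKey()` would perform; `UserAgent`, `generate_match_key`, `additive_share` and `reconstruct` are names chosen for this illustration.

```python
import secrets

# Assumed, simplified parameters: shares are integers mod 2^64 and there are
# three helper parties. This illustrates additive secret sharing in general,
# not the actual scheme, field or encoding used by IPA.
MODULUS = 2 ** 64
N_HELPERS = 3


def generate_match_key(rand=secrets.randbelow) -> int:
    """The user agent picks a random identifier; in this design it never
    leaves the device in the clear."""
    return rand(MODULUS)


def additive_share(value: int, n_parties: int = N_HELPERS, rand=secrets.randbelow) -> list[int]:
    """Split `value` into n shares that sum to `value` mod MODULUS.

    The first n-1 shares are drawn uniformly at random, so any n-1 of the
    shares are statistically independent of `value`: a party holding fewer
    than all of them learns nothing about the identifier.
    """
    if n_parties < 2:
        raise ValueError("need at least two parties for sharing to hide anything")
    shares = [rand(MODULUS) for _ in range(n_parties - 1)]
    shares.append((value - sum(shares)) % MODULUS)
    return shares


def reconstruct(shares: list[int]) -> int:
    """Only the complete set of shares recovers the value; a strict subset
    sums to an unrelated random number."""
    return sum(shares) % MODULUS


class UserAgent:
    """Models the device-side store (hypothetical): the key is generated once
    and only ever handed out as fresh secret shares. Encrypting each share to
    its helper party, which the real API would add, is omitted here."""

    def __init__(self, rand=secrets.randbelow):
        self._rand = rand
        self._match_key = generate_match_key(rand)

    def get_match_key_shares(self) -> list[int]:
        # Fresh randomness on every call, so two share vectors for the same
        # key are unlinkable to anyone who cannot reconstruct.
        return additive_share(self._match_key, N_HELPERS, self._rand)


if __name__ == "__main__":
    ua = UserAgent()
    a, b = ua.get_match_key_shares(), ua.get_match_key_shares()
    print("two calls give different shares:", a != b)
    print("both reconstruct to the same key:", reconstruct(a) == reconstruct(b))
    print("two of three shares recover the key:", reconstruct(a[:2]) == reconstruct(a))
```

The `rand` parameter exists so the sharing can be driven by a fixed source for testing; in use it should stay on `secrets.randbelow`. The property a reviewer cares about is the last one printed: holding two of the three shares is no better than holding none, which is what lets the identifier stay "never revealed to any party" even though three helpers each receive a share.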