Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Address gaps in BPoP protocol and feedback #667
base: main
Are you sure you want to change the base?
Address gaps in BPoP protocol and feedback #667
Changes from 4 commits
69b2509
831fe60
02188ac
515989d
22fa888
c8a38ea
fb422b7
bec12c8
0313729
File filter
Filter by extension
Conversations
Jump to
There are no files selected for viewing
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What is client expected to do if there's no Nonce returned? Use current local device time?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Maybe: "BPoP" needs an additional states? none|disabled == disabled, enabled = optional, and required for server will enforce BPoP
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should this BPoP per-origin data also be covered by
Clear-Site-Data
? It's not clear to which of the individual site data types it belongs. BPoP may be used to bind other data from bothstorage
andcookies
, so it doesn't seem to fit neatly in either of them alone.There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Add a note that this behavior only applies if there's no enterprise policy override? Also, should we call out the possibility of an enterprise policy configuring how keys are stored (same as in the explainer)? Otherwise, if someone only reads this document and not the explainer, then this detail would be missed.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Added a caveat. Will work on enterprise section once we reach a consensus on the same.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
How does the client execute a refresh? It needs a new nonce from the server, but the protocol only indicates that a nonce is provided in a server-generated response to any arbitrary request at the same origin. This implies the client has to send a request after the refresh timer elapses, but where does it send it?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If the same client sends multiple concurrent requests in flight with the same BPoP proof before it receives a
401
andWWW-Authenticate: BPoP...
response from the server, how should the server respond to the other requests that were already sent with the same invalid BPoP proof?The comparable DBSC proposal attempts to solve this by client-side logic in the protocol that holds and queues requests when its proof has expired until it can refresh it (it uses an auxiliary cookie as its proof).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is the server expected to provide rotation semantics for the nonce by supporting multiple nonces with overlapping windows? If so, should the server start sending a new BPoP nonce back even while it continues to accept a previous one for some period of time?