Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update initial draft #1

Open
wants to merge 22 commits into
base: main
Choose a base branch
from
Open

Update initial draft #1

Changes from 1 commit
Commits
Show all changes
22 commits
Select commit Hold shift + click to select a range
fe05910
Update initial draft
lusayaa Oct 2, 2024
df7f11d
Fix some formatting
lusayaa Oct 2, 2024
e418da9
Remove IETF header
lusayaa Oct 2, 2024
1d581cc
apply fix lint
lusayaa Oct 2, 2024
c5d423d
Remove assets
lusayaa Oct 2, 2024
27e0ec8
Fix lint issues
lusayaa Oct 2, 2024
022e163
Update intro
lusayaa Oct 3, 2024
ec006d3
Update informative refs.
lusayaa Oct 3, 2024
d1bbfa3
update draft
lusayaa Oct 4, 2024
fc25e63
Apply suggestions from code review
lusayaa Oct 7, 2024
501abb3
Address comments
lusayaa Oct 7, 2024
1e51780
Remove invalid link to padding
lusayaa Oct 7, 2024
e95b4e4
Apply suggestions from code review
lusayaa Oct 9, 2024
bbe192e
Update intro
lusayaa Oct 10, 2024
87dae39
Apply suggestions from code review
lusayaa Oct 11, 2024
0e956d7
Address comments.
lusayaa Oct 12, 2024
49a78c5
adjust abstract
lusayaa Oct 12, 2024
991394d
adjust intro
lusayaa Oct 12, 2024
a406bc4
Address comments
lusayaa Oct 15, 2024
8964519
Remove extra layer from keyGroupOutput keyValues
lusayaa Oct 15, 2024
82581f6
fix generate request section
lusayaa Oct 18, 2024
1714c5c
Require at least one tag and one acceptCompression.
lusayaa Oct 18, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
54 changes: 27 additions & 27 deletions draft-ietf-protected-audience-key-value-services.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -156,7 +156,9 @@ Requests are not compressed and have a tree-like hierarchy:
- Each partition has a compression group field.
Results of partitions belonging to the same compression group can be compressed together
in the response.
Different compression groups must be compressed separately (see {{compression-group}}).
The responses for different compression groups will be compressed separately in the response
(see {{compression-group}}). Compressing the different groups separately avoids leaking the
similarity of responses for different groups.

### Encryption {#request-encryption}

Expand Down Expand Up @@ -210,6 +212,8 @@ ct = sctxt.Seal("", request)
enc_request = concat(hdr, enc, ct)
~~~~~

lusayaa marked this conversation as resolved.
Show resolved Hide resolved
The client needs to save `sctxt` for decryption of the response (see {{response-encryption}}).

A Key Value Service endpoint decrypts this encapsulated message in a
similar manner to [OHTTP]
[Section 4.3](https://www.rfc-editor.org/rfc/rfc9458#name-encapsulation-of-requests),
Expand Down Expand Up @@ -267,8 +271,8 @@ request = {
? acceptCompression: [* compressionType],
; A list of supported response compression algorithms; must contain at least one of "none", "gzip", "brotli"
? metadata: requestMetadata,
partitions: [* partition],
; A list of partitions. Each must be processed independently. Accessible by UDF.
partitions: [1* partition],
; A list of partitions. Each must be processed independently. Accessible by user-defined functions.
}

requestMetadata = {
Expand Down Expand Up @@ -345,14 +349,10 @@ a request message the Key Value Service can consume along with an HPKE context.
`processed request`.
1. If decoding fails, return failure.
7. If no `partitions` are present, return failure.
brusshamilton marked this conversation as resolved.
Show resolved Hide resolved
8. Set `compression group map` to an empty map.
8. Set `compressionGroupMap` to an empty map.
9. For each `partition` in `partitions`:
1. Set `partition id` to the value of the `id` field in `partition` if
present, otherwise `0`.
2. Set `compression group id` to the value of the `compressionGroupid` field in `partition` if
present, otherwise `0`.
3. Set `compression group map[compression group id]` to `compression group map`.
10. Return `processed request`, `compression group map`, and `rctxt`.
1. Set `compressionGroupMap[compression group id]` to `compressionGroupMap`.
lusayaa marked this conversation as resolved.
Show resolved Hide resolved
10. Return `processed request`, `compressionGroupMap`, and `rctxt`.

## Response Data {#response}

Expand Down Expand Up @@ -468,7 +468,7 @@ compressionGroup = [* partitionOutput]
; Array of PartitionOutput objects

partitionOutput = {
? id: uint
id: uint
; Unique id of the partition from the request
? keyGroupOutputs: [* keyGroupOutput]
}
Expand Down Expand Up @@ -537,42 +537,42 @@ serialized to string.
This algorithm describes how the Key Value Service MAY generate a response to a request.

The input is a list of [deterministically encoded CBOR](https://www.rfc-editor.org/rfc/rfc8949.html#name-deterministically-encoded-c) `partitionOutputs` in {{response-schema}} as well as
lusayaa marked this conversation as resolved.
Show resolved Hide resolved
the `compression group map` and the HPKE receiver, `rctxt`, context saved in {{request-parsing}}.
the `compressionGroupMap` and the HPKE receiver, `rctxt`, context saved in {{request-parsing}}.
Assume that this response is to a request that includes `gzip` in `acceptCompression`.

The output is a `response` to be sent to a Client.

1. Create `payload`.
1. Create an empty `payload` object, corresponding to {{response-schema}}.
2. Set `compression groups` to an empty list.
3. Set `partition output map` to an empty map.
3. Set `partitionOutputMap` to an empty map.
4. For each `partitionOutput` in the list of `partitionOutputs`:
1. Set `partition id` to `partitionOutput["id"]` if present, otherwise 0.
2. Add key value pair `partition id`, `partitionOutput` to `partition output map`.
5. For each (`compression group id`, `partition ids`) in `compression group map`:
1. Create `compression group`.
1. Set `partitionOutputMap[partitionOutput["id"]]` to `partitionOutput`.
5. For each (`compression group id`, `partition ids`) in `compressionGroupMap`:
1. Create an empty `compression group` object, corresponding to {{compression-group}}.
2. Set `cbor partitions array` to an empty CBOR array.
3. For each `partition id` in `partition ids`:
1. Set `partition output` to `partition output map[partition id]`.
1. On failure to find the partition, continue.
2. Add `partition output` to `cbor partitions array`.
1. Set `partition output` to `partitionOutputMap[partition id]`.
1. On failure to find the `partition id`, continue.
2. Append `partition output` to `cbor partitions array`.
4. Set `cbor serialized payload` to the CBOR serialized `cbor partitions array`.
1. On serialization failure, continue.
5. Set `compression group content` to the [GZIP] compressed `cbor serialized payload`.
lusayaa marked this conversation as resolved.
Show resolved Hide resolved
1. On failure, set `compression group content` to empty.
1. On failure, continue.
6. Set `compression group["compressionGroupId"]` to `compression group id`
7. Set `compression group["content"]` to `compression group content`.
8. Add `compression group` to `compression groups`.
1. Set `payload["compressionGroups"]` to `compression groups`.
2. Create a framed payload, as described in {{framing}}:
6. Set `payload["compressionGroups"]` to `compression groups`.
7. Create a framed payload, as described in {{framing}}:
1. Create a `framing header`.
2. Set the `framing header` `Compression` to one of 2.
3. Set the `framing header` `Size` to the size of `compressed payload`.
4. Let `framed payload` equal the result of prepending the framing header to
`payload`.
5. Padding MAY be added to `framing header`.
5. Padding MAY be added to `framed payload`.
6. Return an empty `response` on failure of any of the previous steps.
3. Let `response` equal the result of the encryption and encapsulation of `framed payload` with
8. Let `response` equal the result of the encryption and encapsulation of `framed payload` with
`rctxt`, as described in {{response-encryption}}. Return an empty `response` on failure.
4. Return `response`.
9. Return `response`.

### Parsing a Response

Expand Down
Loading