From 4f0aa44f35de04fee44f9e8f42213e4fc410cd6e Mon Sep 17 00:00:00 2001
From: Nan Lin
Date: Fri, 29 Sep 2023 16:24:33 -0400
Subject: [PATCH] Add versioin to the aggregation coordinator pubic key endpoint

---
 AGGREGATE.md | 4 +++-
 index.bs | 2 +-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/AGGREGATE.md b/AGGREGATE.md
index 0ad3e28892..592dcf6495 100644
--- a/AGGREGATE.md
+++ b/AGGREGATE.md
@@ -308,7 +308,7 @@ shared. The encryption will use public keys specified by the aggregation service. The browser will encrypt payloads just before the report is sent by fetching the public key endpoint (the aggregation service coordinator origin at the path
- `/.well-known/aggregation-service/public-keys`) with an un-credentialed request. The processing origin will
+ `/.well-known/aggregation-service/v1/public-keys`) with an un-credentialed request. The processing origin will
 respond with a set of keys which will be stored according to standard HTTP caching rules, i.e. using Cache-Control headers to dictate how long to store the keys for (e.g. following the [freshness
@@ -329,6 +329,8 @@ encoded public keys is as follows:
 }
 ```
+Note: The version in the `.well-known` path may change.
+
 To limit the impact of a single compromised key, multiple keys (up to a small limit) can be provided. The browser should independently pick a key uniformly at random for each payload it encrypts to avoid associating different reports.
diff --git a/index.bs b/index.bs
index 5dbeedf176..257136a4e8 100644
--- a/index.bs
+++ b/index.bs
@@ -3272,7 +3272,7 @@ To obtain the public key for encryption given an [=aggregation coordi
 1. Set |url|'s [=url/scheme=] to |aggregationCoordinator|'s [=origin/scheme=].
 1. Set |url|'s [=url/host=] to |aggregationCoordinator|'s [=origin/host=].
 1. Set |url|'s [=url/port=] to |aggregationCoordinator|'s [=origin/port=].
-1. Set |url|'s [=url/path=] to «"`.well-known`", "`aggregation-service`", "`public-keys`"».
+1. Set |url|'s [=url/path=] to «"`.well-known`", "`aggregation-service`", "`v1`", "`public-keys`"».
 1. Return a user-agent-determined public key from |url| or an error in the event that the user agent failed to obtain the public key from |url|. This step may be asynchronous.
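Review bot: The added path step hard-codes the `"v1"` segment, while the AGGREGATE.md hunk adds a note that the version in the `.well-known` path may change, and neither says how a user agent would learn of a new version. Presumably the intent is that a version change is a normative edit to this step rather than something clients discover at runtime; if so, saying so here would remove the ambiguity, e.g. `Note: The "v1" segment is fixed by this specification; changing it requires updating this step, and user agents use no other version.` Since the key fetch is un-credentialed and cached per the AGGREGATE.md text, pinning the version in the spec also keeps the set of URLs a user agent will accept keys from to exactly one. The algorithm this step belongs to begins before the hunk.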