[Webkit-unassigned] [Bug 223956] New: PCM: PrivateClickMeasurementManager::getTokenPublicKey() should not use PrivateClickMeasurement::PcmDataCarried::PersonallyIdentifiable when validating the token before the attribution report is sent
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Tue Mar 30 14:30:36 PDT 2021
https://bugs.webkit.org/show_bug.cgi?id=223956
Bug ID: 223956
Summary: PCM:
PrivateClickMeasurementManager::getTokenPublicKey()
should not use
PrivateClickMeasurement::PcmDataCarried::PersonallyIde
ntifiable when validating the token before the
attribution report is sent
Product: WebKit
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: WebKit Misc.
Assignee: webkit-unassigned at lists.webkit.org
Reporter: wilander at apple.com
PrivateClickMeasurementManager::getTokenPublicKey() is currently configured to use PrivateClickMeasurement::PcmDataCarried::PersonallyIdentifiable when minting the unlinkable and secret tokens. However, PrivateClickMeasurementManager::getTokenPublicKey() is used a second time when validating the secret token before the attribution report is sent. On the second occasion, PrivateClickMeasurement::PcmDataCarried::NonPersonallyIdentifiable should be used. Which to use should probably be controlled by the caller.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20210330/57e3b38d/attachment.htm>
More information about the webkit-unassigned
mailing list