Private State Token Issuer Request - MAIL.RU

[NET-BEAR]

Issuer Name

MAIL.RU

Origin

https://privacy-cs.mail.ru/

Contact Email

[email protected]

Key Commitment Endpoint URL

https://privacy-cs.mail.ru/private_state_tokens/key_commitment

Purpose

Checking user authorization on sites that use authorization services and detect fraud and bots.

Disclosure and Acknowledgement

1. I understand the technical restrictions on key rotation frequency of 60 days in the PST API.
2. I understand that my issuer registration will be valid for a period of six months after the key commitment is accepted, and that I will need to re-register in this repository following that six-month period.
3. I understand that in the future renewing my registration for this API may have additional requirements, to reduce the risk of abuse by token issuers.

[dvorak42]

Your key commitment endpoint appears to 404 and doesn't return valid PST keys.

[NET-BEAR]

My apologies, the domain was indeed unavailable. This endpoint is now operational https://privacy-cs.mail.ru/private_state_tokens/key_commitment

[dvorak42]

Is it intentional that the origin for the issuer is privacy-ad..., while the key commitment endpoint is privacy-cs...?

If they should be the same, can you please edit the original issue message with the correct domains.

Additionally it appears that privacy-cs.mail.ru/robots.txt is disallowing automated fetching of the key commitments with a wildcard Disallow. You'll need to permit fetching of the key commitments so we're able to correctly fetch and parse the keys.