Validation for PIR DB canary value

We got a feedback from apple side for our new request

PIR server responded, but the canary value is not in the dataset. "www.apple.com/url-filter-test" should be set to 1

So we have validated this using our iOS app pointing to same environment and it is blocking this URL as per expectation as well as we have validated this using below curl

docker exec pir-server sh -lc 'grep -n "www.apple.com/url-filter-test" /pir/data/input.txtpb; ls -l /pir/data/input.txtpb /pir/data/url-0.bin /pir/data/url-0.params.txtpb'; curl -sS -i https://ohttp.protectuswebfilter.com/.well-known/private-token-issuer-directory | sed -n '1,40p'

Please help us, how they are validating this entry is available or not

The document "How to onboard with an Oblivious HTTP relay hosted by Apple" includes a checklist of details you need to confirm. The critical point in this case is #3:

(3) You have added a test identity to your dataset.

  • For Live Caller ID Lookup, it should be +14085551212 with name “Johnny Appleseed”.
  • For NEURLFilter, it should be www.apple.com/url-filter-test with value as the integer 1.

Have you configured that correctly? And have you confirmed everything else in that checklist?

__
Kevin Elliott
DTS Engineer, CoreOS/Hardware

Yes, I have added apple.com/url-filter-test this entry in the PIR DB but as you can see prefix www was missing previously so is it the reason that they were not able to find it.

We have validated this using our iOS app, by hitting the URL in the browser as well as we checked the input.txtpb file contents for the running PIR server.

Validation for PIR DB canary value
 
 
Q