[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #17961 [Tor Messenger]: Evaluate CONIKS as an authenticator

Subject: [tor-bugs] #17961 [Tor Messenger]: Evaluate CONIKS as an authenticator
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Wed, 30 Dec 2015 05:16:01 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 30 Dec 2015 00:16:13 -0500
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#17961: Evaluate CONIKS as an authenticator
-------------------------------+-----------------
     Reporter:  arlolra        |      Owner:
         Type:  defect         |     Status:  new
     Priority:  Medium         |  Milestone:
    Component:  Tor Messenger  |    Version:
     Severity:  Normal         |   Keywords:
Actual Points:                 |  Parent ID:
       Points:                 |    Sponsor:
-------------------------------+-----------------
 > CONIKS is a practical key management system in which identity providers
 maintain directories of public keys on behalf of users of end-to-end
 secure communication systems. Our main motivation for designing CONIKS was
 to address the drawbacks of current trust establishment methods: (1) users
 either have to "manually" verify each other's keys, which has been shown
 to be cumbersome and error-prone for the vast majority of users, or (2)
 their secure messaging provider manages their keys on their behalf but
 these keys are not protected against tampering by a malicious provider, or
 compromise/coercion by malicious outsiders.

 > CONIKS makes it easier for users (both "default" users and stricter
 security-conscious users) to establish trust since they don't have to
 worry about or even see keys, but they also don't have to trust the
 identity provider to not insert spurious keys into its key directory
 because the key directories are maintained in tamper-evident and publicly
 auditable data structures (similar to a Certificate Transparency log).
 CONIKS includes automatic key verification, directory audit, and key
 change and revocation protocols which a CONIKS-enabled messaging client
 runs in the background, and which are efficient enough to be run on
 today's mobile devices. Information in the key directories is also stored
 in a privacy-preserving manner to prevent enumeration of users or keys
 during the directory audits.

 http://www.coniks.org/

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17961>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Follow-Ups:
- Re: [tor-bugs] #17961 [Tor Messenger]: Evaluate CONIKS as an authenticator
  - From: Tor Bug Tracker & Wiki

Prev by Author: [tor-bugs] #17960 [- Select a component]: no menu with "File" "Edit" "View" and so forth
Next by Author: Re: [tor-bugs] #17960 [Tor Browser]: no menu with "File" "Edit" "View" and so forth
Previous by thread: Re: [tor-bugs] #17960 [Tor Browser]: no menu with "File" "Edit" "View" and so forth
Next by thread: Re: [tor-bugs] #17961 [Tor Messenger]: Evaluate CONIKS as an authenticator
Index(es):
- Author
- Thread