Closed
Open
Opened Dec 30, 2015 by Arlo Breault@arlo

Evaluate CONIKS as an authenticator

CONIKS is a practical key management system in which identity providers maintain directories of public keys on behalf of users of end-to-end secure communication systems. Our main motivation for designing CONIKS was to address the drawbacks of current trust establishment methods: (1) users either have to "manually" verify each other's keys, which has been shown to be cumbersome and error-prone for the vast majority of users, or (2) their secure messaging provider manages their keys on their behalf but these keys are not protected against tampering by a malicious provider, or compromise/coercion by malicious outsiders.

CONIKS makes it easier for users (both "default" users and stricter security-conscious users) to establish trust since they don't have to worry about or even see keys, but they also don't have to trust the identity provider to not insert spurious keys into its key directory because the key directories are maintained in tamper-evident and publicly auditable data structures (similar to a Certificate Transparency log). CONIKS includes automatic key verification, directory audit, and key change and revocation protocols which a CONIKS-enabled messaging client runs in the background, and which are efficient enough to be run on today's mobile devices. Information in the key directories is also stored in a privacy-preserving manner to prevent enumeration of users or keys during the directory audits.

http://www.coniks.org/

Reference: legacy/trac#17961