[tor-dev] Questions about "Tor Messenger CONIKS integration"

Go simplesmtptest123 at gmail.com
Wed Apr 20 18:28:36 UTC 2016


Thanks for you quick reply. I still have few questions:

1. If one CONIKS server has been compromised, and I happen to register to
this server; I guess the server can see my username in this case,  right?
2. I found the ticket https://trac.torproject.org/projects/tor/ticket/17961.
The answer for the second question says "We can ask for a proof of
ownership of the name...". So when do CONIKS need to do proof of account
ownership? Could please anyone give me some concrete scenarios? My concern
is that in order to do proof of ownership, we have to hand out the real
accounts to CONIKS.

Sorry for being paranoid.


On Tue, Apr 19, 2016 at 4:57 PM, Ismail Khoffi <ismail.khoffi at gmail.com>

> Hi there,
> I don't know about much about the concrete plans for the Tor Messenger and
> CONIKS but I'm quite familiar with the original CONIKS design. First of
> all: I’m sure no one would force you to give your "real" identity, you
> could for instance use large  identity provider which is rather difficult
> to compromise, at least for non-state actors (for example gmail and the
> pseudonym simplesmtptest123 ;-). Maybe, for the Tor messenger integration
> there will be/people might choose some other identity providers (with a
> stronger focus on privacy and more freedom to choose pseudonyms instead of
> real names).
> If an identity provider (one of the several "CONIKS servers") is
> compromised, the attacker is able to read the provider's local directory
> (containing public key of already registered providers), he would basically
> see a more or less ‘randomly' looking Merkle tree. Theoretically, the
> attacker would still need to know all the user real-names beforehand to
> (for instance) query for their public keys. (This is achieved using the
> following "crypto-tricks": identities are stored at a private “index" in
> the tree; computed using a verifiable unpredictable function from a
> cryptographic commitment/hash of the username instead from the username
> itself). Of course one would also need to make sure that the stored
> public-key material (in the leaf-nodes) is pruned from user identifying
> data (like an identity in GPG); otherwise the attacker could guess the
> identities from that information.
> Also, in general, the attacker won’t be able to see that you used Tor
> Messenger from the mere fact that you use a certain identity provider, even
> if he still could recompute your user-name from the directory.
> Hope that helps?
> Ismail
> On 19 Apr 2016, at 21:28, Go <simplesmtptest123 at gmail.com> wrote:
> Hi,
> CONIKS seems to be a very useful system. Just curious: do Tor messenger
> users need to hand out their real identities (facebook account, twitter
> account, etc.) to CONIKS servers? If so it seems dangerous to put all the
> identities in a centralized service.  If the CONIKS servers have been
> compromised, will the attacker be able to figure out the social networking
> profiles of Tor messenger users?
> Thanks!
> _______________________________________________
> tor-dev mailing list
> tor-dev at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
> _______________________________________________
> tor-dev mailing list
> tor-dev at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20160420/d5f02b02/attachment.html>

More information about the tor-dev mailing list