[tor-dev] GSoC: Tor Messenger CONIKS integration

Arlo Breault arlo at torproject.org
Mon Mar 7 22:06:56 UTC 2016


> On Mar 5, 2016, at 8:25 AM, Elias Rohrer <ml at tnull.de> wrote:
> 
> Hello nice people of the Tor project!
> 
> I'm very interested in using the Google Summer of Code stipend to integrate the CONIKS key verification protocol into Tor Messenger.
> 
> So I wanted to say 'Hi!' and introduce myself: I'm a computer science student at Humboldt Universität zu Berlin in Berlin, Germany. The main focus of my studies lies on security, computer networks (such as the peer-to-peer ones) and privacy enhancing technologies.
> In the last years I mostly worked with C/C++, but these days I'm learning erlang – mostly for its benefits in concurrent & network scalable programming, but also to learn 'something different'.

Hello Elias. Nice to meet you and thanks for your interest.


> 
> This brings me to some questions regarding the project:
> If I understand correctly (after reading [1]), there are three parts which should get implemented in the course of the project:
> 
> - A server component which stores the tamper-resistant database and would be run by the identity providers.
> - An auditor module which tracks the states of the server and publishes its view, so users can check that theirs is consistent with it.
> - And a client side plugin for Tor Messenger written in JavaScript.

That's correct, though perhaps the project description
should emphasize that the priority is on the server and
client components.


> Concerning the two first parts: What would be the requirements concerning the language of the server? The Projects page lists JavaScript and C as required languages, but would you also consider a server component written in erlang?

Unfortunately, I don't think there's a lot of erlang expertise
in the Tor community. In order to maintain the server going forward
(despite any intention you'd have of staying on the project), I
think it'd be best if we went with a language more developers here
are accustomed to, such as golang.


> I could do that in C/C++, but since I'm experimenting with erlang I thought I'd ask, especially because I could imagine that the auditor functionality could be implemented into an XMPP server such as ejabberd or prosody.

Prosody is in lua, no?


> So, while the CONIKS provider would be more or less centralised for Tor Messenger, third parties like the XMPP server hosters could act as auditors by just loading up a plugin for their XMPP server. This idea is based on the Q&A found in the ticket [1]. Do you think this would be a viable idea to roll out the auditor software?


While I agree that would probably ease deployment
for those running ejabberd, it's not very helpful
in the general case. We'd like anyone to be able to
run an auditor. And, again, I should stress that the
other components are the priority and should make up the
bulk of the work.


> This should be it for my first questions. I'll study the CONIKS paper more in depth in the next days and will come back at you if more questions come up concerning the project idea – if that's okay with you.

Sounds great. Again, thanks for your interest
in the project. Feel free to ping Marcela (masomel)
and me (arlolra) on irc in tor-dev.


> Best Wishes!
> 
> Elias Rohrer / _tnull @ irc
> 
> 
> 
> [1]: https://trac.torproject.org/projects/tor/ticket/17961


