[tor-bugs] #7522 [BridgeDB]: Design a user interface for redeeming invite tokens (was: Design a user interface for redeeming tokens)
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Sep 8 04:18:15 UTC 2015
#7522: Design a user interface for redeeming invite tokens
-------------------------+-------------------------------------------------
Reporter: aagbsn | Owner:
Type: task | Status: new
Priority: normal | Milestone:
Component: | Version:
BridgeDB | Keywords: bridgedb-socdist, isisExB,
Resolution: | isis2016Q1, bridgedb-ui, tbb-usability
Actual Points: | Parent ID: #7520
Points: |
-------------------------+-------------------------------------------------
Changes (by isis):
* keywords: bridgedb-socdist, isisExB, isis2015Q3Q4, bridgedb-ui =>
bridgedb-socdist, isisExB, isis2016Q1, bridgedb-ui, tbb-usability
Comment:
'''Ignore everything this says about "usernames", "passwords", "human
memorable", and "email addresses".'''
The tokens I plan to use currently are the Camenisch-Lysyanskaya anonymous
credentials as described in [https://eprint.iacr.org/2008/428 this paper
(ePrint PDF)]:
Belenkiy, M., Camenisch, J., Chase, M., Kohlweiss, M., Lysyanskaya, A., &
Shacham, H. (2009).
Randomizable proofs and delegatable anonymous credentials.
In ''Advances in Cryptology-CRYPTO 2009'' (pp. 108-125). Springer Berlin
Heidelberg.
Which are well-suited to storing server-signed attributes containing
things like the "good behaviour points" described in
[https://people.torproject.org/~isis/papers/rBridge:%20User%20Reputation%20based%20Tor%20Bridge%20Distribution%20with%20Privacy%20Preservation.copy%20with%20notes.pdf
the rBridge paper (PDF)] — a variant of which should be implemented for
#7520. As these tokens are anonymous, not pseudonymous, it no longer makes
sense to think about things like "usernames", "passwords", "human
memorable", and "email addresses".
However, the general direction of brainstorming the UI for this is still
useful. In particular, the Tor Browser Team and I have extensively
discussed adding support for (somehow) inputting a delegated credential
into a fresh copy of Tor Browser. These credentials are large, as in
"several kilobytes".
=== Open questions: ===
1. How do we expect users to actually "invite" their friends? That is, if
Alice invites Bob, how does the delegated credential get from Alice's
computer to Bob's computer?
Is it reasonable to expect users to transfer a file this large or copy-
paste it? It contains private key material, so we cannot simply put it
somewhere in some sort of "download link" (at least not without encrypting
it and telling Alice to give Bob the key/passphrase).
'''Case !#1: Bob can use Tor, e.g. via meek''' What if Alice's tor
client were directed to create an Hidden/Onion Service, and the credential
was hosted there, and then Alice would only need to give Bob the .onion
URI (and, optionally, key/passphrase)?
'''Case !#2: Bob's network connection is censored in some way that even
meek doesn't work''' In my opinion, we should only fallback to something
like "Please, Alice, email this file to Bob, who will have to import it
into his Tor Browser" if Case !#2 is true, or if Alice specifies that she
wants to put Bob through this particular UX misery.
'''Case !#3: Bob's network connection is pretty much entirely
censored''' I don't know what to do here, but I'd ''really'' like to avoid
solutions (including solutions to the above cases) where the user is
encouraged/enabled to do something which presents a significant vector for
malware transfer between Bridge users (e.g. Alice doesn't know what to do,
so she puts the file containing the credential onto a USB stick and hands
it to Bob).
2. What language do we use to describe these actions to users?
3. Is whatever proposed solution going to work for users of some other
application (e.g. Ricochet, Orbot, OnionBrowser, etc.)? We need to
ensure, at the very least, that the system we design, and the underlying
exposed APIs, are as much as possible reusable for other projects.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/7522#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list