[tor-dev] Questions about "Tor Messenger CONIKS integration"
Go
simplesmtptest123 at gmail.com
Wed Apr 20 19:28:06 UTC 2016
Hi,
For the first question: I understand that the private indices obfuscate the
usernames. But when computing an index i for a username u, the CONIKS
server will see u in plaintext rather than hashed or encrypted results of u
(correct me if I'm wrong). In this case, a CONIKS server controlled by an
attacker will be able to collect the usernames of new registered users,
right?
Thanks!
On Wed, Apr 20, 2016 at 2:53 PM, Marcela S. Melara <melara at cs.princeton.edu>
wrote:
> Hi,
>
> I think Ismail was trying to answer your first question when he described
> the private indices in the CONIKS key directories. What these private
> indices do, in other words, is obfuscate the usernames in the directory, so
> an attacker who breaks into the server cannot see the usernames registered
> at the compromised key server.
>
> As for your second question, we haven't fully fleshed out the mechanism
> you found. But if you want to use Tor Messenger for your Twitter account,
> you will have to register your legitimate Twitter name with the key server.
> Our idea is that you will receive some kind of email with a confirmation
> link to prove that you own the Twitter account. This, by no means, means
> that Tor Messenger now has access to your full account. But Tor Messenger
> does need to confirm that you own the Twitter name you're registering to
> prevent an attacker from trying to impersonate you.
>
> It's also important to note that CONIKS uses additional crypto mechanisms
> to ensure that all data (including the public keys) associated with names
> registered with CONIKS key servers isn't stored in plain.
>
> I hope this helps!
> Best,
> Marcela
>
> On Apr 20, 2016, at 14:28, Go <simplesmtptest123 at gmail.com> wrote:
>
> Hi,
>
> Thanks for you quick reply. I still have few questions:
>
> 1. If one CONIKS server has been compromised, and I happen to register to
> this server; I guess the server can see my username in this case, right?
> 2. I found the ticket
> https://trac.torproject.org/projects/tor/ticket/17961. The answer for the
> second question says "We can ask for a proof of ownership of the name...".
> So when do CONIKS need to do proof of account ownership? Could please
> anyone give me some concrete scenarios? My concern is that in order to do
> proof of ownership, we have to hand out the real accounts to CONIKS.
>
> Sorry for being paranoid.
>
> Thanks!
>
> On Tue, Apr 19, 2016 at 4:57 PM, Ismail Khoffi <ismail.khoffi at gmail.com>
> wrote:
>
>> Hi there,
>>
>> I don't know about much about the concrete plans for the Tor Messenger
>> and CONIKS but I'm quite familiar with the original CONIKS design. First of
>> all: I’m sure no one would force you to give your "real" identity, you
>> could for instance use large identity provider which is rather difficult
>> to compromise, at least for non-state actors (for example gmail and the
>> pseudonym simplesmtptest123 ;-). Maybe, for the Tor messenger integration
>> there will be/people might choose some other identity providers (with a
>> stronger focus on privacy and more freedom to choose pseudonyms instead of
>> real names).
>>
>> If an identity provider (one of the several "CONIKS servers") is
>> compromised, the attacker is able to read the provider's local directory
>> (containing public key of already registered providers), he would basically
>> see a more or less ‘randomly' looking Merkle tree. Theoretically, the
>> attacker would still need to know all the user real-names beforehand to
>> (for instance) query for their public keys. (This is achieved using the
>> following "crypto-tricks": identities are stored at a private “index" in
>> the tree; computed using a verifiable unpredictable function from a
>> cryptographic commitment/hash of the username instead from the username
>> itself). Of course one would also need to make sure that the stored
>> public-key material (in the leaf-nodes) is pruned from user identifying
>> data (like an identity in GPG); otherwise the attacker could guess the
>> identities from that information.
>> Also, in general, the attacker won’t be able to see that you used Tor
>> Messenger from the mere fact that you use a certain identity provider, even
>> if he still could recompute your user-name from the directory.
>>
>> Hope that helps?
>> Ismail
>>
>>
>> On 19 Apr 2016, at 21:28, Go <simplesmtptest123 at gmail.com> wrote:
>>
>> Hi,
>>
>> CONIKS seems to be a very useful system. Just curious: do Tor messenger
>> users need to hand out their real identities (facebook account, twitter
>> account, etc.) to CONIKS servers? If so it seems dangerous to put all the
>> identities in a centralized service. If the CONIKS servers have been
>> compromised, will the attacker be able to figure out the social networking
>> profiles of Tor messenger users?
>>
>>
>> Thanks!
>> _______________________________________________
>> tor-dev mailing list
>> tor-dev at lists.torproject.org
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
>>
>>
>>
>> _______________________________________________
>> tor-dev mailing list
>> tor-dev at lists.torproject.org
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
>>
>>
> _______________________________________________
> tor-dev mailing list
> tor-dev at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
>
>
> _______________________________________________
> tor-dev mailing list
> tor-dev at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20160420/8166aa54/attachment-0001.html>
More information about the tor-dev
mailing list