[messaging] Verification of strict key change policy in CONIKS?

Marcela S. Melara melara at CS.Princeton.EDU
Tue Mar 22 17:15:19 PDT 2016


Hi Greg,

> On Mar 22, 2016, at 02:44, Tao Effect <contact at taoeffect.com> wrote:
> 
> Hi Marcela,
> 
> Thanks so much for the quick reply!

You're welcome!

>> I'm assuming you mean Alice is the user with the strict key change policy in this example? So yes, Alice's client would see the strict flag set as part of Alice's user metadata and would know to cache Bob's key and only accept a new one if the key change is authenticated with the cached key.
> 
> 
> Well, I meant that Bob has the strict policy set, and that Alice sees that and therefore only accepts a new key from Bob if it’s signed by his previous key. But your answer seems to also apply to Bob?

Ah. Yes, that's the other side of the strict policy. So right, Alice's client will see Bob's key change policy, and decide whether to accept the key change according to this policy.

>> Right, the specification of the key change protocol was actually a follow-up project I worked on with an undergraduate, who wrote his junior research paper on it. He also implemented this protocol, and getting it merged into our reference implementation on GitHub is in the works. In the meantime, I can get his junior paper on the CONIKS website.
> 
> Yes that would be great, I'd very much like to read that. :-)

I need to double check with the student to see if it's ok for me to publish his report, but I don't think it should be an issue. I'll announce when the report goes up.

>> There is, you can sign up at coniks.cs.princeton.edu
> 
> Thanks! I’ve signed up! ^_^

Great!

Best,
Marcela
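
The strict key change check discussed in this message, as an added example that is not part of the original e-mail and not code from the CONIKS reference implementation. The `KeyChange` and `Contact` types, the choice of Ed25519, and signing the bare new key are assumptions made for illustration; accepting unsigned changes when the strict flag is unset is also an assumption about the non-strict case.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
)

// KeyChange is a hypothetical record, not the CONIKS wire format.
type KeyChange struct {
	NewKey ed25519.PublicKey
	Sig    []byte // signature over NewKey made with the previous key; empty if none
}

// Contact is what Alice's client caches about Bob.
type Contact struct {
	Strict bool              // Bob's key change policy flag from his user metadata
	Key    ed25519.PublicKey // Bob's currently cached key
}

var ErrUnauthenticated = errors.New("strict policy: key change not signed by cached key")

// Apply accepts or rejects a key change according to the contact's policy.
func (c *Contact) Apply(kc KeyChange) error {
	if len(kc.NewKey) != ed25519.PublicKeySize {
		return errors.New("malformed new key")
	}
	if c.Strict && !ed25519.Verify(c.Key, kc.NewKey, kc.Sig) {
		return ErrUnauthenticated // the cached key stays in place
	}
	c.Key = kc.NewKey
	return nil
}

// Demo runs three cases with constructed keys and reports each outcome.
func Demo() (signedOK, staleRejected, nonStrictOK bool) {
	pub1, priv1, _ := ed25519.GenerateKey(nil)
	pub2, _, _ := ed25519.GenerateKey(nil)
	pub3, _, _ := ed25519.GenerateKey(nil)
	bob := &Contact{Strict: true, Key: pub1}
	first := KeyChange{NewKey: pub2, Sig: ed25519.Sign(priv1, pub2)}
	signedOK = bob.Apply(first) == nil && bob.Key.Equal(pub2)
	// Signed with the superseded key: the cache now holds pub2, so this fails.
	stale := KeyChange{NewKey: pub3, Sig: ed25519.Sign(priv1, pub3)}
	staleRejected = errors.Is(bob.Apply(stale), ErrUnauthenticated) && bob.Key.Equal(pub2)
	lax := &Contact{Strict: false, Key: pub1}
	nonStrictOK = lax.Apply(KeyChange{NewKey: pub3}) == nil && lax.Key.Equal(pub3)
	return
}

func main() { fmt.Println(Demo()) }
```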

