[messaging] One CONIKS or many?

Joseph Bonneau jbonneau at cs.stanford.edu
Thu Mar 24 19:01:14 PDT 2016


There are certainly some appealing things about having one server that
multiple messaging services can rely on. On the whole though I've felt
there are more drawbacks than advantages.

Two underlying premises of CONIKS though are that each service provider
controls its own namespace (who gets to sign up for which name) and key
recovery (by non-cryptographic authentication). The whole point of CONIKS
is to ensure that multiple users have a consistent view of what key belongs
to a name like "jbonneau at cs.stanford.edu". Users can opt-in to having a
key-signing key to avoid relying on the directory for key recovery, but the
directory still at the very least hands out names to new users.

If you want to have one directory representing multiple namespaces, you
still need to have each provider sign new additions to its namespace (as
well as many of the updates). You'll also might want some way of preventing
one provider from DoSing the system by registering billions of users (the
proofs would still be short but somebody has to store all of that data).

You also need everybody to agree on one epoch length and different
providers might want different things.

Proofs will also get larger. Only logarithmically so, which isn't terrible,
but for centralized systems (which CONIKS was really designed for) like
iMessage or Signal, you can't communicate across providers so there is no
benefit sharing a directory.

I should read the tor-dev threads, but what's the ultimate goal with Tor
Messenger-to have one built-in key server that the software uses by
default, or to have users pick their own key server?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20160324/b9c60cfd/attachment.html>


More information about the Messaging mailing list