[messaging] One CONIKS or many?

Joseph Bonneau jbonneau at cs.stanford.edu
Thu Mar 24 19:08:01 PDT 2016


On Thu, Mar 24, 2016 at 6:57 PM, Tony Arcieri <bascule at gmail.com> wrote:

> Sounds somewhat similar to EPFL's "Cothority" idea:
>
> https://github.com/dedis/cothority
> https://zerobyte.io/files/talks/2015-12-27-collective-authorities-32c3.pdf
>

I don't think what Watson is proposing is similar. Cothority is a protocol
for efficiently threshold signing with many parties (cosigners) holding key
shares. This is orthogonal to building a multi-provider CONIKS directory
for many messaging services to use, as all of the cosigners must agree on
what they're signing first.

If Signal and iMessage want to share a key directory, there's no reason
they need to agree on who the user "Alice" is or what her keys are, they
each can independently decide on which keys to map the string "Alice" to
and sign their authoritative decision.

You might want to use Cothorities though to sign the multi-provider CONIKS
directory's roots, which would give you greater assurance against any
equivocation.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20160324/4b496dcc/attachment.html>


More information about the Messaging mailing list