[WG-OTTO] CONIKS

Rainer Hoerbe rainer at hoerbe.at
Fri Oct 30 16:13:59 CDT 2015


CONIKS is a service that provides key transparency for end-users in the same way RFC 6269 certificate transparency (CT) does it for server certificates. 

To recall: CT provides a public ledger allowing the verification that a certificate was issued by the authoritative CA (or, more abstractly: verify which namespace asserts that a name controls a key).
Key owners have the duty to /continually/ validate that no certificates were issued by unauthorized CAs.

CONIKS (CONtinuous Identity and Key management System) is similar to CT, but reduces required bandwidth for monitoring, and features privacy-preserving key directories. That could be a further step toward decentralizing the business of certification and notarization.

It might be worthwhile to look into this technology because its properties seem advantageous. Being designed to register, look up, monitor and audit key bindings, it should be able to do the same for more general triples.

Something to discuss in an upcoming meeting.

- Rainer

Slides: https://www.usenix.org/sites/default/files/conference/protected-files/sec15_slides_melara.pdf
Paper: https://eprint.iacr.org/2014/1004.pdf
Reference implementation: https://github.com/coniks-sys/coniks-ref-implementation
Master thesis: http://www.cs.princeton.edu/~melara/pubs/mse-thesis.pdf

