[WG-OTTO] CONIKS

Mike Schwartz mike at gluu.org
Fri Oct 30 16:44:21 CDT 2015


OTTO WG,

Thanks Rainer, very intersting as usual. I'll add this to the discussion 
queue for next week.

I'm finally back online. IIW is a marathon, I know next year not to 
attempt anything during this period :-)

We had some good discussions about blockchain, and we might have found a 
new recruit for OTTO: Alan Karp.

In general, I think we should focus on the content of the schema 
necessary for OAuth2, while keeping to work in parallel on the 
publication mechanism. We can get more feedback next week from the whole 
group.

- Mike


On 2015-10-30 16:13, Rainer Hoerbe wrote:
> CONIKS is a service that provides key transparency for end-users in
> the same way RFC 6269 certificate transparency (CT) does it for server
> certificates.
> 
> To recall: CT provides a public ledger allowing the verification that
> a certificate was issued by the authoritative CA (or more abstract:
> verify which namespace asserts that a name controls a key)
> Key owners have the  duty to /continually/ validate that no
> certificates were issued by unauthorized CAs.
> 
> CONIKS (CONtinuous Identity and Key management System) is similar to
> CT, but reduces required bandwidth for monitoring, and features
> privacy preserving key directories. That could be a further step into
> decentralizing the business of certification and notarization.
> 
> It might be worthwhile to look into this technology because its
> properties seem advantageous. Being designed to register, lookup,
> monitor and audit key bindings, it should be able to do the same for
> more general triples.
> 
> Something to discuss in an upcoming meeting.
> 
> - Rainer
> 
> slides:
> https://www.usenix.org/sites/default/files/conference/protected-files/sec15_slides_melara.pdf
> Paper: https://eprint.iacr.org/2014/1004.pdf
> Reference implementation:
> https://github.com/coniks-sys/coniks-ref-implementation
> Master thesis: http://www.cs.princeton.edu/~melara/pubs/mse-thesis.pdf
> _______________________________________________
> WG-OTTO mailing list
> WG-OTTO at kantarainitiative.org
> http://kantarainitiative.org/mailman/listinfo/wg-otto

-- 
-------------------------------------
Michael Schwartz
Gluu
Founder / CEO
mike at gluu.org


More information about the WG-OTTO mailing list