> On Mar 5, 2016, at 8:25 AM, Elias Rohrer <[email protected]> wrote: > > Hello nice people of the Tor project! > > I'm very interested in using the Google Summer of Code stipend to integrate > the CONIKS key verification protocol into Tor Messenger. > > So I wanted to say 'Hi!' and introduce myself: I'm a computer science student > at Humboldt Universität zu Berlin in Berlin, Germany. The main focus of my > studies lies on security, computer networks (such as the peer-to-peer ones) > and privacy enhancing technologies. > In the last years I mostly worked with C/C++, but these days I'm learning > erlang – mostly for its benefits in concurrent & network scalable > programming, but also to learn 'something different'.
Hello Elias. Nice to meet you and thanks for your interest. > > This brings me to some questions regarding the project: > If I understand correctly (after reading [1], there are three parts which > should get implemented in course of the project: > > - A server component which stores the tamper-resistant database and would be > run by the identity providers. > - An auditor module which tracks the states of the server and publishes its > view, so users can check that theirs is consistent with it. > - And a client side plugin for Tor Messenger written in JavaScript. That's correct, though perhaps the project description should emphasize that the priority is on the server and client components. > Concerning the two first parts: What would be the requirements concerning the > language of the server? The Projects page list JavaScript and C as required > languages, but would you also consider a server component written in erlang? Unfortunately, I don't think there's a lot of erlang expertise in the Tor community. In order to maintain the server going forward (despite any intention you'd have of staying on the project), I think it'd be best if we went with a language more developers here are accustomed to, such as golang. > I could do that in C/C++, but since I'm experimenting with erlang I thought > I'd ask, especially, because I could imagine that the auditor functionality > could be implemented into a XMPP server such as ejabberd or prosody. Prosody is in lua, no? > So, while the CONIKS provider would be more or less centralised for Tor > Messenger, third parties like the XMPP server hosters could act as auditors > by just loading up a plugin for their XMPP server. This Idea is based on the > Q&A found in the ticket [1]. Do you think this would be a viable idea to roll > out the auditor software? While I agree that would probably ease deployment for those running ejabberd, it's not very helpful in the general case. We'd like anyone to be able to run an auditor. And, again, I should stress that the other components are the priority and should make up the bulk of the work. > This should be it for my first questions. I'll study the CONIKS paper more in > depth in the next days and will come back at you if more questions come up > concerning the project idea – if that's okay with you. Sounds great. Again, thanks for your interest in the project. Feel free to ping Marcela (masomel) and I (arlolra) on irc in tor-dev > Best Wishes! > > Elias Rohrer / _tnull @ irc > > > > [1]: https://trac.torproject.org/projects/tor/ticket/17961 _______________________________________________ tor-dev mailing list [email protected] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
