On Tue, Mar 10, 2015 at 10:16 AM, Giuseppe Lavagetto <glavage...@wikimedia.org> wrote:

> Hi Chris,
>
> I like the idea in general, in particular the fact that only
> "established" editors can ask for the tokens. What I don't get is why
> this proxy should be run by someone that is not the WMF, given - I

It's due to a known issue with the scheme that Yan suggested-- if the same person knows both the blinded and unblinded signatures, they can brute force the blinding and correlate the identities. Splitting the two is needed to prevent that.

> guess - it would be exposed as a TOR hidden service, which will mask
> effectively the user IP from us, and will secure his communication
> from snooping by exit node managers, and so on.
>
> I guess the righteously traffic on such a proxy would be so low (as
> getting a token is /not/ going to be automated/immediate even for
> logged in users) that it could work without using up a lot of
> resources.
>
> Cheers,
>
> Giuseppe
>
> _______________________________________________
> Wikitech-l mailing list
> Wikitech-l@lists.wikimedia.org
> https://lists.wikimedia.org/mailman/listinfo/wikitech-l