Hi everyone,

This is the first status report on the CONIKS for Tor Messenger project.

This is what I have done so far:

* Discussing with Arlo and Marcela about the account verification module. The proposal is described below.

* Implementing the Merkle prefix tree module. The source code is under review and is available on github repo [1]

* Submitting 2 patches for ctype-otr addon (pull #74 and #75 [2])

For now, I'm working on implementing the STR module as a part of Merkle tree module. This module would be moved into its own repo as a library, separated from the key server module, after others commented on the code.

Next I plan to continue implementing the key server module (including the registration and key change operation). It also requires a prototype implementation of the account verification module.

Besides, we also established the collaboration with engineers and PhD students from EPFL on developing the CONIKS server module. The source code of the CONIKS server module would be committed to its own repo [3], while other Tor Messenger specific modules would be committed to the repo of the project [4].

--- The account verification protocol is proposed as follows (credit to Arlo) - the user connects to an account - the client sends the registration request to a registration bot on the server - the client also signs the registered public key and sends it to the registration bot - the bot verifies the signature and registers the sending account with the public key

The client sends the signed public key to the registration bot by using one of following methods: - send a direct message to the Twitter account of the bot (in case the account is a Twitter account) - send a private chat to the Jabber account of the bot (in case the account is a Jabber account)

Best, Huy

[1] https://github.com/coniks-sys/libconiks-server-go/pull/1 [2] https://github.com/arlolra/ctypes-otr/pulls [3] https://github.com/coniks-sys/libconiks-server-go/ [4] https://github.com/c633/tor-messenger-coniks