Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision 		Previous revision
users:sharing_ids [2015/09/08 02:53]
cmotc created 		users:sharing_ids [2020/07/16 18:55] (current)
skeleton1 [Sharing Tox IDs]
Line 1: Line 1:
-===== Sharing Tox ID'===== +===== Sharing Tox IDs ===== 
-Some of the ways to share Tox ID's and their benefits and drawbacks.+**WARNING:** If you are looking for shorter and more memorable IDs, remember that the **relation between any kind of names and Tox IDs is neither protected nor ensured** by the Tox protocol. By the nature of name services you put full trust into unverified third party data and also get that data over a different, insecure protocol. The safest way to share your Tox ID is by giving your Tox ID directly over a secure channel. 
 +__The only reliable registry with names of your contacts is your personal contact list__. To make it safe you should also __set your own__ permanent labels (names/aliases) on the contacts in the list. In the absence of other, unchangeable means to identify the contact (e.g. [[toxid#public_key|public key]], identicon, chat history), the ability of contacts to freely change their display names in your contact list is __totally insecure__. Fortunately, most clients allow viewing a contact'public key, which cannot be fabricated, or have other means to identify the contact by. 
 + 
 +Below are some of the ways to share Tox IDs and their benefits and drawbacks. This is an attempt to address the different things that can come into play when initially authenticating a Tox user.
  
 ==== In Person, Manual Verification ==== ==== In Person, Manual Verification ====
-In this scenario, 2 people with Tox ID'meet in person, and exchange the ID'in front of each other, enter the ID'manually, and send a test message. This is equivalent to manually verifying a fingerprint in OTR.+In this scenario, 2 people with Tox IDs meet in person (or using any other secure channel), and exchange the IDs in front of each other, enter the IDs manually, and send a test message. This is equivalent to manually verifying a fingerprint in OTR. 
 + 
 +==== Using Tox URIs to ease entering Tox IDs, Manual Out-Of-Channel Verification ==== 
 +In this scenario, a user creates a Tox URI which is used to help fill out the Add Friend form in a Tox client supporting Tox URI feature and registered in your system as Tox URI handler application. The security of this method depends on the security of the method used to transfer the Tox URI. [[users:toxlinks| See Also]]. 
 + 
 +==== Useful resources for verification of regular OTR Identities ==== 
 +I'm going to use this information to come up with the content of this page. The principles need to be adapted for Tox but some of them still apply. 
 + 
 +[[https://ssd.eff.org/en/module/how-use-otr-windows| EFF's How To Use OTR on Window's Guide]] See sections "Chatting Securely" to "Working with Other Software."
  
-==== Using ToxURI's to ease entering Tox ID's, Manual Out-Of-Channel Verification ==== +[[https://otr.cypherpunks.ca/help/3.2.0/authenticate.phpCypherpunks guide to Authentication]] The most complete guide to the traditional methods of verifying OTR fingerprints with libpurple
-In this scenario, a user creates a Tox: URI which is used to help fill out the Add Friend formThe security of this method depends on the security of the method used to transfer the Tox: URI[[users:toxlinksSee Also]].+
  
-==== Using ToxDNS Services to ease entering Tox ID's ==== +[[https://adium.im/help/pgs/AdvancedFeatures-OTREncryption.htmlAdium Off-The-Record Documentation]] Pretty decent glossary.
-ToxDNS services provide an email-like username that can be looked up and will correspond with a Tox ID. These might be difficult to verify, but the meeting in person with the other party and sending a test message can show that messages are going to the intended recipient at that particular moment. [[users:toxdnsSee Also]].+

Trace:

Print/export