Differences

This shows you the differences between two versions of the page.

users:sharing_ids [2015/09/12 16:56]
aklyn [Using ToxDNS Services to ease entering Tox IDs]
users:sharing_ids [2018/03/15 19:02] (current)
nurupo ToxDNS has been phased out
Line 1: Line 1:
 ===== Sharing Tox ID's ===== ===== Sharing Tox ID's =====
-**WARNING:​** If you are looking for shorter and more memorable IDs, remember that the **relation between any kind of names and Tox IDs is neither protected nor ensured** by the Tox protocol. By the nature of name services ​(when you e.g. use a [[users:​toxdns|ToxDNS]]) ​you put full trust into unverified third party data and also get that data over a different, insecure protocol. The safest way to share your Tox ID is by giving your Tox ID (not ToxDNS name or whatever) ​directly over a secure channel.+**WARNING:​** If you are looking for shorter and more memorable IDs, remember that the **relation between any kind of names and Tox IDs is neither protected nor ensured** by the Tox protocol. By the nature of name services you put full trust into unverified third party data and also get that data over a different, insecure protocol. The safest way to share your Tox ID is by giving your Tox ID directly over a secure channel.
 __The only reliable registry with names of your contacts is your personal contact list__. To make it safe you also __must set your own__ permanent labels (names/​aliases) on the contacts in the list. __The ability of contacts to freely change their display names in your contact list is totally insecure__. At least some clients offer unsafe contact list as the default, this looks innocent but is a serious security flaw. __The only reliable registry with names of your contacts is your personal contact list__. To make it safe you also __must set your own__ permanent labels (names/​aliases) on the contacts in the list. __The ability of contacts to freely change their display names in your contact list is totally insecure__. At least some clients offer unsafe contact list as the default, this looks innocent but is a serious security flaw.
  
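Review bot: In the WARNING paragraph, removing "(when you e.g. use a [[users:toxdns|ToxDNS]])" leaves "name services" with no example or definition, so a reader can no longer tell which kinds of lookup the warning covers. Suggest defining the term inline, for example "any third-party service that maps a name to a Tox ID", and saying in the page text that ToxDNS has been phased out, since that fact currently appears only in the edit summary. The same applies to the dropped "(not ToxDNS name or whatever)": the sentence now contrasts "your Tox ID" with nothing, so "the full Tox ID itself, not a name that resolves to it" would keep the point. The unchanged sentence "At least some clients offer unsafe contact list as the default" is also worth tightening while this paragraph is open, since it does not say which setting a user should look for.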
Line 10: Line 10:
 ==== Using Tox URIs to ease entering Tox IDs, Manual Out-Of-Channel Verification ==== ==== Using Tox URIs to ease entering Tox IDs, Manual Out-Of-Channel Verification ====
 In this scenario, a user creates a Tox URI which is used to help fill out the Add Friend form in a Tox client supporting Tox URI feature and registered in your system as Tox URI handler application. The security of this method depends on the security of the method used to transfer the Tox URI. [[users:​toxlinks| See Also]]. In this scenario, a user creates a Tox URI which is used to help fill out the Add Friend form in a Tox client supporting Tox URI feature and registered in your system as Tox URI handler application. The security of this method depends on the security of the method used to transfer the Tox URI. [[users:​toxlinks| See Also]].
- 
-==== Using ToxDNS Services to ease entering Tox IDs ==== 
-ToxDNS services allow users to register an email-like username for their Tox ID, so that users could use short and memorable usernames, as clients can look up Tox ID based on the username. Note that you must fully trust ToxDNS service to return your and not someone else's Tox ID for your registered username. ToxDNS services might also use insecure protocols. 
- 
-Because of that, you can't be 100% sure that that your ToxDNS username maps to the Tox ID you registered. A meeting in person with the other party and verifying the Tox IDs can confirm this. To the contrary, without such verification even if sending a test message shows that messages are going to the intended recipient at that particular moment, this can __not__ detect if your messages are being relayed by a malicious third party - only the actual checking of the Tox IDs of each other (not by sending them via Tox itself!) can tell. This is not a Tox limitation but an inherent property of remote communication. [[users:​toxdns| See Also]]. 
  
 ==== Useful resources for verification of regular OTR Identities ==== ==== Useful resources for verification of regular OTR Identities ====
-I'm going to use this information to come up with the content of this page. The principles need to be adapted for Tox but some of them still apply, especially when using ToxDNS.+I'm going to use this information to come up with the content of this page. The principles need to be adapted for Tox but some of them still apply.
  
 [[https://​ssd.eff.org/​en/​module/​how-use-otr-windows| EFF's How To Use OTR on Window'​s Guide]] See sections "​Chatting Securely"​ to "​Working with Other Software."​ [[https://​ssd.eff.org/​en/​module/​how-use-otr-windows| EFF's How To Use OTR on Window'​s Guide]] See sections "​Chatting Securely"​ to "​Working with Other Software."​
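Review bot: The removed ToxDNS section also carried the page's only explanation of why verification is needed, and that reasoning is not specific to ToxDNS: "even if sending a test message shows that messages are going to the intended recipient at that particular moment, this can __not__ detect if your messages are being relayed by a malicious third party" and "only the actual checking of the Tox IDs of each other (not by sending them via Tox itself!) can tell". After this change the heading "Using Tox URIs to ease entering Tox IDs, Manual Out-Of-Channel Verification" still promises manual verification, but the remaining paragraph only says that security depends on how the URI was transferred. Suggest moving those two sentences, with the in-person comparison of Tox IDs, under the Tox URI heading instead of deleting them. In the last changed line, "I'm going to use this information to come up with the content of this page" is still a placeholder from the draft; if the OTR links stay, a sentence stating which principles carry over to Tox would serve readers better than the note to self.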