On Tue, Mar 10, 2015 at 10:16 AM, Giuseppe Lavagetto < glavagetto@wikimedia.org> wrote:
Hi Chris,
I like the idea in general, in particular the fact that only "established" editors can ask for the tokens. What I don't get is why this proxy should be run by someone that is not the WMF, given - I
It's due to a known issue with the scheme that Yan suggested-- if the same person knows both the blinded and unblinded signatures, they can brute force the blinding and correlate the identities. Splitting the two is needed to prevent that.
guess - it would be exposed as a TOR hidden service, which will mask effectively the user IP from us, and will secure his communication from snooping by exit node managers, and so on.
I guess the righteously traffic on such a proxy would be so low (as getting a token is /not/ going to be automated/immediate even for logged in users) that it could work without using up a lot of resources.
Cheers,
Giuseppe
Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l