Hello everybody! We have some news about Snake!
Last weekend we have been at hackmeeting in Bologna, the yearly meeting of the "Italian digital countercultures". It was the first time for us in such a place, but it has been exciting. A lot of fun and a couple of intersting talks. We also got the chance to talk about Snake a bit, there has been quite a lot of interest and some food for thought. We also hit the local news.
Towards the end of August we'll be discussing about Snake again in Paris, at the 6th International Symposium on Cyberspace Safety and Security (CSS 2014), where our paper has been accepted. Our submission covers a good part of the Snake design, except for group handling and the Web of Trust, which we plan to detail better in another paper. We'll publish the paper here right after the conference. Let us know if you're in Paris around August the 20th!
We also want to ensure you that Snake's development is advancing, we're currently focused on making our prototype implementation up to date with the latest changes in the design.
If you are interested in contributing there's a couple of things you can do:
If you want to get involved in the core development, there's still a lot to do. Probably the best starting point is the design document.
We'd be very happy to have a native implementation, in particular in Chromium. Some steps have been done, but they're mostly lead by Netflix, which uses different primitives compared to Snake. Therefore, what we need is someone willing to implement ECDSA, PBKDF2 and ECDH in Chromium. It's less work than you can expect, in fact it's just some sugar between the WebCrypto API and the underlying cryptographic library (NSS or OpenSSL). If you want to get an idea of the amount of work take a look at the code review page for the implementation of the sign and verify methods for RSASSA-PKCS1-v1_5.
We need to improve our testing framework and automate it to detect regressions while developing. There's also a bit of decoupling between the model and the view, but it's something definetely manageable.
While we carefully designed how the Web of Trust in Snake should work, we still have to implement it. The task basically consists in checking friends of friends' lists looking for confirmation of the public key of the user we're authenticating.
Don't forget to contact us for any further question!
Final note: all the perks have been delivered, let us know if you didn't receive yours!