[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-relays] Node Operators Web Of Trust
That sounds like an excellent idea. if the site nowot.com is available, someone could register it. Maybe we could even get providers on board with the idea.
> On Nov 10, 2014, at 7:00 AM, tor-relays-request@xxxxxxxxxxxxxxxxxxxx wrote:
>
> Send tor-relays mailing list submissions to
> tor-relays@xxxxxxxxxxxxxxxxxxxx
>
> To subscribe or unsubscribe via the World Wide Web, visit
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> or, via email, send a message with subject or body 'help' to
> tor-relays-request@xxxxxxxxxxxxxxxxxxxx
>
> You can reach the person managing the list at
> tor-relays-owner@xxxxxxxxxxxxxxxxxxxx
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of tor-relays digest..."
>
>
> Today's Topics:
>
> 1. Node Operators Web Of Trust (grarpamp)
> 2. Re: Node Operators Web Of Trust (Gareth Llewellyn)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Fri, 7 Nov 2014 15:26:40 -0500
> From: grarpamp <grarpamp@xxxxxxxxx>
> To: tor-relays@xxxxxxxxxxxxxxxxxxxx
> Cc: cypherpunks@xxxxxxxxxx
> Subject: [tor-relays] Node Operators Web Of Trust
> Message-ID:
> <CAD2Ti2__JyLd2CYfWOitEOkPfOFDOiGb7_xqtUCgo+cKrJRVKw@xxxxxxxxxxxxxx>
> Content-Type: text/plain; charset=UTF-8
>
> Is it not time to establish a node operator web of trust?
> Look at all the nodes out there with or without 'contact' info,
> do you really know who runs them? Have you talked with
> them? What are their motivations? Are they your friends?
> Do you know where they work, such as you see them every day
> stocking grocery store, or in some building with a badge on it?
> Does their story jive? Are they active in the community/spaces
> we are? Etc. This is huge potential problem.
> NOWoT participation is optional, it is of course infiltratable,
> and what it proves may be arguable, but it seems a necessary
> thing to try as a test of that and to develop a good model.
> Many operators know each other in person. And the node
> density per geographic region supports getting out to meet
> operators even if only for the sole purpose of attesting 'I met
> this blob of flesh who proved ownership of node[s] x'.
> That's a big start, even against the sybil agents they'd surely
> send out to meet you.
> Many know exactly who the other is in the active community
> such that they can attest at that level. And so on down the
> line of different classes of trust that may be developed
> and asserted over each claimed operator.
> Assuming a NOWoT that actually says something can
> be established, is traffic then routable by the user over nodes
> via trust metrics in addition to the usual metrics and randomness?
> WoT's are an ancient subject... now what are the possibilities and
> issues when asserting them over physical nodes, not just over
> virtual nodes such as an email address found in your pubkey?
> And what about identities that exist only anonymously yet
> can prove control over various unique resources?
> If such WoT's cannot be proven to have non-value, then it seems
> worth doing.
>
> This doesn't just apply to Tor, but to any node based system.
>
>
> ------------------------------
>
> Message: 2
> Date: Mon, 10 Nov 2014 10:58:12 +0000
> From: Gareth Llewellyn <gareth@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
> To: tor-relays@xxxxxxxxxxxxxxxxxxxx
> Subject: Re: [tor-relays] Node Operators Web Of Trust
> Message-ID:
> <CAM8M=ki3y0xgOEdsTJPU_Y7DPVRQ37uZ5rPrE1W4i_TjByNNaQ@xxxxxxxxxxxxxx>
> Content-Type: text/plain; charset="utf-8"
>
>> On Fri, Nov 7, 2014 at 8:26 PM, grarpamp <grarpamp@xxxxxxxxx> wrote:
>>
>> Is it not time to establish a node operator web of trust?
>> Look at all the nodes out there with or without 'contact' info,
>> do you really know who runs them? Have you talked with
>> them? What are their motivations? Are they your friends?
>> Do you know where they work, such as you see them every day
>> stocking grocery store, or in some building with a badge on it?
>> Does their story jive? Are they active in the community/spaces
>> we are? Etc. This is huge potential problem.
>>
>
> I had an idea for this a little while ago; https://tortbv.link/ using the
> published GPG signature in the contact info to sign the node fingerprint,
> if you trust the GPG key then you can _possibly_ trust that the node is run
> by the named operator.
>
> Never got round to actually doing anything with it though...
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20141110/e06fc612/attachment-0001.html>
>
> ------------------------------
>
> Subject: Digest Footer
>
> _______________________________________________
> tor-relays mailing list
> tor-relays@xxxxxxxxxxxxxxxxxxxx
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
>
> ------------------------------
>
> End of tor-relays Digest, Vol 46, Issue 17
> ******************************************
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays