[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] A Simple Web of Trust for Tor Relay Operator IDs

To: nusenu-lists@xxxxxxxxxx, tor-dev@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-dev] A Simple Web of Trust for Tor Relay Operator IDs
From: yanmaani@xxxxxxx
Date: Sun, 24 Oct 2021 05:37:23 +0000
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 07 Dec 2021 09:20:07 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cock.li; s=mail; t=1635053843; bh=+ZCmQ/zMYlGexx3JeROyFcbTKTnY4Q5YMLpWNksu7RA=; h=Date:From:To:Subject:In-Reply-To:References:From; b=Gp/nENx7kxjIWiycgTBV3MkVCldZyj2xM9DyZAE/CskUY//Wd42ghzp94NlJLtMUu vNcPhxwPOtoWnML4NcqvX4OsY9AWbyigh//YBARGjfiIAg2wFMTUxZdJwMV1Mv/yU2 3Fn8bStY/JlE3yrUkcG7lzZTVmr3AtylTCn6GechZ4KvSiD+xO0ayyFGPyMuzBeV2+ 39MLTFR4Mqesle/kFlnuNlZZSzgAMcFI7/eCja8MZWlfnYmtrkZWWN+euknp1GlSx1 SCBoZvAuEqTye6DUG3iSgmhUo4jlYrs3QakH/cCis0yt3szTS9ftvMoB/mSgxJIOau zhlYVYnHcbcPg==
In-reply-to: <60937022-826b-3897-4c0b-b0760a866e89@riseup.net>
List-archive: <http://lists.torproject.org/pipermail/tor-dev/>
List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>
List-id: discussion regarding Tor development <tor-dev.lists.torproject.org>
List-post: <mailto:tor-dev@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>
References: <60937022-826b-3897-4c0b-b0760a866e89@riseup.net>
Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-dev" <tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Roundcube Webmail/1.3.16

(sorry for replying directly before)
On 2021-10-03 16:16, nusenu-lists at riseup.net wrote:

Hi,

I wrote down a spec for a simple web of trust
for relay operator IDs:


Some comments, in no particular order:

Why not just put the keys in directly, or even a magnet link to yourlatest web of trust? That would remove the need to trust SSL CAs.

What problems does this solve, specifically, and how? If I - mepersonally, not the generic I - wanted to spin up a relay, how would Ido that?

Would I go on this mailing list and ask random people to sign my relay?If so, it's not very useful.

Or would I just run it without any signatures at all? If so, it's notvery useful.

The basic problem, I think, is the same as for PGP: it's not reallyclear what you're attesting to when you sign. If I sign a my mate'srelay, and then that relay turns out to be dodgy, do I also lose myrelay operation privileges?

I think that WoT systems have a definite value for preventing Sybilattacks, they are very powerful, and I don't think these issues areinsurmountable, but they have to be addressed.

If you're going to do it in a "machine-friendly" manner, then I supposeyou have to come up with some kind of formalized notion of what trustrepresents, maybe have some numerical scale so you can define (just asan example) 100 = "I've personally audited the hardware", 70 = "This isan organization I trust", 10 = "I know who this person is, it's not justa fresh hotmail".

Or, you can do it in a "human-friendly" manner, where you just writetext notes with each trust relationship. That would make it quiteuseless to parse, but could be useful to give us some information aboutrelays.


Now, here's my gut feeling:

Instinctively, it seems silly to have the trust relationships denote"this person is a good relay operator" (how would you even quantifythat?), and maybe more reasonable to have it denote "I know this guy, hedidn't just pop into existence last Thursday". And if you're doing that,it seems like the second approach makes more sense. This clearlysuggests some limitations to it, but possibly still useful.

Anyway, if you're going to do that, it might also be reasonable to hookinto a pre-existing web of trust, like GPG or something. That way, wecan encode stuff like "I trust my mate Alice, she isn't a relayoperator, she trusts Bob, who is, therefore I transitively trust Bob."This doesn't work great if Alice has to register in the separate Tor Webof Trust thing. (On the other hand, we introduce the problem of someonedoing a Sybil by being introduced to random people who will signliterally anything, not being aware of Tor, and then showing up withplausible-looking trust pairs. But maybe that's not such a big problem,because that arguably looks even shadier?)


I think this is a very good initiative, anyway.
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

Prev by Author: Re: [tor-dev] Client identification for authenticated onions
Next by Author: Re: [tor-dev] A Simple Web of Trust for Tor Relay Operator IDs
Previous by thread: Re: [tor-dev] A Simple Web of Trust for Tor Relay Operator IDs
Next by thread: [tor-dev] Interoperation with libp2p
Index(es):
- Author
- Thread