[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] Node Operators Web Of Trust



How does one establish trust online though? Trust is a very delicate thing. A system such as this simply inherently has these challenges. Pretty sure that is why the tor browser for example always uses https.


Op 21:26 vr 7 nov. 2014 schreefÂgrarpamp <grarpamp@xxxxxxxxx>:
Is it not time to establish a node operator web of trust?
Look at all the nodes out there with or without 'contact' info,
do you really know who runs them? Have you talked with
them? What are their motivations? Are they your friends?
Do you know where they work, such as you see them every day
stocking grocery store, or in some building with a badge on it?
Does their story jive? Are they active in the community/spaces
we are? Etc. This is huge potential problem.
NOWoT participation is optional, it is of course infiltratable,
and what it proves may be arguable, but it seems a necessary
thing to try as a test of that and to develop a good model.
Many operators know each other in person. And the node
density per geographic region supports getting out to meet
operators even if only for the sole purpose of attesting 'I met
this blob of flesh who proved ownership of node[s] x'.
That's a big start, even against the sybil agents they'd surely
send out to meet you.
Many know exactly who the other is in the active community
such that they can attest at that level. And so on down the
line of different classes of trust that may be developed
and asserted over each claimed operator.
Assuming a NOWoT that actually says something can
be established, is traffic then routable by the user over nodes
via trust metrics in addition to the usual metrics and randomness?
WoT's are an ancient subject... now what are the possibilities and
issues when asserting them over physical nodes, not just over
virtual nodes such as an email address found in your pubkey?
And what about identities that exist only anonymously yet
can prove control over various unique resources?
If such WoT's cannot be proven to have non-value, then it seems
worth doing.

This doesn't just apply to Tor, but to any node based system.
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxorg
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays