That sounds like an excellent idea. if the site nowot.com is available, someone could register it. Maybe we could even get providers on board with the idea.
> On Nov 10, 2014, at 7:00 AM, [email protected] wrote: > > Send tor-relays mailing list submissions to > [email protected] > > To subscribe or unsubscribe via the World Wide Web, visit > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays > or, via email, send a message with subject or body 'help' to > [email protected] > > You can reach the person managing the list at > [email protected] > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of tor-relays digest..." > > > Today's Topics: > > 1. Node Operators Web Of Trust (grarpamp) > 2. Re: Node Operators Web Of Trust (Gareth Llewellyn) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Fri, 7 Nov 2014 15:26:40 -0500 > From: grarpamp <[email protected]> > To: [email protected] > Cc: [email protected] > Subject: [tor-relays] Node Operators Web Of Trust > Message-ID: > <cad2ti2__jyld2cyfwoiteokpfofdoigb7_xqtucgo+ckrjr...@mail.gmail.com> > Content-Type: text/plain; charset=UTF-8 > > Is it not time to establish a node operator web of trust? > Look at all the nodes out there with or without 'contact' info, > do you really know who runs them? Have you talked with > them? What are their motivations? Are they your friends? > Do you know where they work, such as you see them every day > stocking grocery store, or in some building with a badge on it? > Does their story jive? Are they active in the community/spaces > we are? Etc. This is huge potential problem. > NOWoT participation is optional, it is of course infiltratable, > and what it proves may be arguable, but it seems a necessary > thing to try as a test of that and to develop a good model. > Many operators know each other in person. And the node > density per geographic region supports getting out to meet > operators even if only for the sole purpose of attesting 'I met > this blob of flesh who proved ownership of node[s] x'. > That's a big start, even against the sybil agents they'd surely > send out to meet you. > Many know exactly who the other is in the active community > such that they can attest at that level. And so on down the > line of different classes of trust that may be developed > and asserted over each claimed operator. > Assuming a NOWoT that actually says something can > be established, is traffic then routable by the user over nodes > via trust metrics in addition to the usual metrics and randomness? > WoT's are an ancient subject... now what are the possibilities and > issues when asserting them over physical nodes, not just over > virtual nodes such as an email address found in your pubkey? > And what about identities that exist only anonymously yet > can prove control over various unique resources? > If such WoT's cannot be proven to have non-value, then it seems > worth doing. > > This doesn't just apply to Tor, but to any node based system. > > > ------------------------------ > > Message: 2 > Date: Mon, 10 Nov 2014 10:58:12 +0000 > From: Gareth Llewellyn <[email protected]> > To: [email protected] > Subject: Re: [tor-relays] Node Operators Web Of Trust > Message-ID: > <CAM8M=ki3y0xgoedstjpu_y7dpvrq37uz5rpre1w4i_tjbyn...@mail.gmail.com> > Content-Type: text/plain; charset="utf-8" > >> On Fri, Nov 7, 2014 at 8:26 PM, grarpamp <[email protected]> wrote: >> >> Is it not time to establish a node operator web of trust? >> Look at all the nodes out there with or without 'contact' info, >> do you really know who runs them? Have you talked with >> them? What are their motivations? Are they your friends? >> Do you know where they work, such as you see them every day >> stocking grocery store, or in some building with a badge on it? >> Does their story jive? Are they active in the community/spaces >> we are? Etc. This is huge potential problem. >> > > I had an idea for this a little while ago; https://tortbv.link/ using the > published GPG signature in the contact info to sign the node fingerprint, > if you trust the GPG key then you can _possibly_ trust that the node is run > by the named operator. > > Never got round to actually doing anything with it though... > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: > <http://lists.torproject.org/pipermail/tor-relays/attachments/20141110/e06fc612/attachment-0001.html> > > ------------------------------ > > Subject: Digest Footer > > _______________________________________________ > tor-relays mailing list > [email protected] > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays > > > ------------------------------ > > End of tor-relays Digest, Vol 46, Issue 17 > ****************************************** _______________________________________________ tor-relays mailing list [email protected] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
