On Mon, Nov 10, 2014 at 5:58 AM, Gareth Llewellyn gareth@networksaremadeofstring.co.uk wrote:
I had an idea for this a little while ago; https://tortbv.link/ using the published GPG signature in the contact info to sign the node fingerprint, if you trust the GPG key then you can _possibly_ trust that the node is run by the named operator.
As an operator you would either - sign with your key a statement of node fingerprint into a notary service - create a subkey of your key holding said statement in comment - sign your key by node key if security of node key was better https://trac.torproject.org/projects/tor/ticket/9478 But since the trust desired is from the [real]world down into and over the nodes, this one isn't really useful.
You then still have to use your key to form [real]world WOT among operators. Tying nodes to some [nym] identities is the first part... in a way, making sybil harder.
Then users opting to route paths through tor via trust metrics need to configure their client with whichever various trusted wot/root keys they like or subscribe to, which then uses them to score fingerprints for pathing. Doing this with them is second part.
Degree of freedom from some crossing of trusted key people is probably sufficient to score things.