[tor-relays] Node Operators Web Of Trust

[Derric Atzrott]

> How does one establish trust online though? Trust is a very delicate thing. A
> system such as this simply inherently has these challenges. Pretty sure that
> is why the tor browser for example always uses https.

Indeed, both the centralised and decentralised systems that are currently in
place have major issues.  Within centralised systems like the Certificate
Authority system we see corruption (have you seen their fees) and we must
trust them to actually verify identities and to remain secure, something
at least a few CAs have proven that they can't do.  Then we also have to
trust our vendors to provide default lists of CAs to trust that are in
fact worth of our trust.

Within decentralised systems like PGP we have to worry about the network
effect, and making sure that people understand what they are actually doing,
again we worry about whether or not we can trust our friends, and whether or
not we can trust their friends.

Trust is probably one of the hardest problems facing folks using the Internet.

With that in mind, he does raise a valid point.  Are there any plans to move
to a more decentralised model for the directory authorities?  Are their any
plans to move the power to blacklist nodes out of the hands of the Tor Project
and into the hands of its users somehow.

I'm not exactly sure how either of those would be accomplished, but I'm sure
there is a clever solution somewhere.

Thank you,
Derric Atzrott