[tor-relays] Node Operators Web Of Trust

Eric Hocking ehock7229 at outlook.com
Mon Nov 10 12:30:22 UTC 2014 

That sounds like an excellent idea. if the site nowot.com is available, someone could register it. Maybe we could even get providers on board with the idea.

> On Nov 10, 2014, at 7:00 AM, tor-relays-request at lists.torproject.org wrote:
> 
> Send tor-relays mailing list submissions to
>    tor-relays at lists.torproject.org
> 
> To subscribe or unsubscribe via the World Wide Web, visit
>    https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> or, via email, send a message with subject or body 'help' to
>    tor-relays-request at lists.torproject.org
> 
> You can reach the person managing the list at
>    tor-relays-owner at lists.torproject.org
> 
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of tor-relays digest..."
> 
> 
> Today's Topics:
> 
>   1. Node Operators Web Of Trust (grarpamp)
>   2. Re: Node Operators Web Of Trust (Gareth Llewellyn)
> 
> 
> ----------------------------------------------------------------------
> 
> Message: 1
> Date: Fri, 7 Nov 2014 15:26:40 -0500
> From: grarpamp <grarpamp at gmail.com>
> To: tor-relays at lists.torproject.org
> Cc: cypherpunks at cpunks.org
> Subject: [tor-relays] Node Operators Web Of Trust
> Message-ID:
>    <CAD2Ti2__JyLd2CYfWOitEOkPfOFDOiGb7_xqtUCgo+cKrJRVKw at mail.gmail.com>
> Content-Type: text/plain; charset=UTF-8
> 
> Is it not time to establish a node operator web of trust?
> Look at all the nodes out there with or without 'contact' info,
> do you really know who runs them? Have you talked with
> them? What are their motivations? Are they your friends?
> Do you know where they work, such as you see them every day
> stocking grocery store, or in some building with a badge on it?
> Does their story jive? Are they active in the community/spaces
> we are? Etc. This is huge potential problem.
> NOWoT participation is optional, it is of course infiltratable,
> and what it proves may be arguable, but it seems a necessary
> thing to try as a test of that and to develop a good model.
> Many operators know each other in person. And the node
> density per geographic region supports getting out to meet
> operators even if only for the sole purpose of attesting 'I met
> this blob of flesh who proved ownership of node[s] x'.
> That's a big start, even against the sybil agents they'd surely
> send out to meet you.
> Many know exactly who the other is in the active community
> such that they can attest at that level. And so on down the
> line of different classes of trust that may be developed
> and asserted over each claimed operator.
> Assuming a NOWoT that actually says something can
> be established, is traffic then routable by the user over nodes
> via trust metrics in addition to the usual metrics and randomness?
> WoT's are an ancient subject... now what are the possibilities and
> issues when asserting them over physical nodes, not just over
> virtual nodes such as an email address found in your pubkey?
> And what about identities that exist only anonymously yet
> can prove control over various unique resources?
> If such WoT's cannot be proven to have non-value, then it seems
> worth doing.
> 
> This doesn't just apply to Tor, but to any node based system.
> 
> 
> ------------------------------
> 
> Message: 2
> Date: Mon, 10 Nov 2014 10:58:12 +0000
> From: Gareth Llewellyn <gareth at networksaremadeofstring.co.uk>
> To: tor-relays at lists.torproject.org
> Subject: Re: [tor-relays] Node Operators Web Of Trust
> Message-ID:
>    <CAM8M=ki3y0xgOEdsTJPU_Y7DPVRQ37uZ5rPrE1W4i_TjByNNaQ at mail.gmail.com>
> Content-Type: text/plain; charset="utf-8"
> 
>> On Fri, Nov 7, 2014 at 8:26 PM, grarpamp <grarpamp at gmail.com> wrote:
>> 
>> Is it not time to establish a node operator web of trust?
>> Look at all the nodes out there with or without 'contact' info,
>> do you really know who runs them? Have you talked with
>> them? What are their motivations? Are they your friends?
>> Do you know where they work, such as you see them every day
>> stocking grocery store, or in some building with a badge on it?
>> Does their story jive? Are they active in the community/spaces
>> we are? Etc. This is huge potential problem.
>> 
> 
> I had an idea for this a little while ago; https://tortbv.link/ using the
> published GPG signature in the contact info to sign the node fingerprint,
> if you trust the GPG key then you can _possibly_ trust that the node is run
> by the named operator.
> 
> Never got round to actually doing anything with it though...
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20141110/e06fc612/attachment-0001.html>
> 
> ------------------------------
> 
> Subject: Digest Footer
> 
> _______________________________________________
> tor-relays mailing list
> tor-relays at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> 
> 
> ------------------------------
> 
> End of tor-relays Digest, Vol 46, Issue 17
> ******************************************

More information about the tor-relays mailing list