[tor-relays] Node Operators Web Of Trust
grarpamp
grarpamp at gmail.com
Mon Nov 10 21:34:35 UTC 2014
On Mon, Nov 10, 2014 at 5:58 AM, Gareth Llewellyn
<gareth at networksaremadeofstring.co.uk> wrote:
> I had an idea for this a little while ago; https://tortbv.link/ using the
> published GPG signature in the contact info to sign the node fingerprint, if
> you trust the GPG key then you can _possibly_ trust that the node is run by
> the named operator.
As an operator you would either
- sign with your key a statement of node fingerprint into a notary service
- create a subkey of your key holding said statement in comment
- sign your key by node key if security of node key was better
https://trac.torproject.org/projects/tor/ticket/9478
But since the trust desired is from the [real]world down into and
over the nodes, this one isn't really useful.
You then still have to use your key to form [real]world WOT among
operators. Tying nodes to some [nym] identities is the first part...
in a way, making sybil harder.
Then users opting to route paths through tor via trust metrics need to
configure their client with whichever various trusted wot/root keys
they like or subscribe to, which then uses them to score fingerprints
for pathing. Doing this with them is second part.
Degree of freedom from some crossing of trusted key people
is probably sufficient to score things.
More information about the tor-relays
mailing list