Re: [tor-relays] Node Operators Web Of Trust

[tor]

On 11/07/2014 10:26 PM, grarpamp wrote:
> Is it not time to establish a node operator web of trust?
> Look at all the nodes out there with or without 'contact' info,
> do you really know who runs them? Have you talked with
> them? What are their motivations? Are they your friends?
> Do you know where they work, such as you see them every day
> stocking grocery store, or in some building with a badge on it?
> Does their story jive? Are they active in the community/spaces
> we are? Etc. This is huge potential problem.


I can't think of a good reason to do this, or why there is a problem.

Can think of quite a few negatives, the worst of which are related to 
the fact that NSA/GCHQ would like for Tor to go away. Something like 
what you describe would be a nice little tool for them to get 
useful-to-them personal info about Tor node operators. Even assuming 
that the node operators' identities are already known to the 
aforementioned agencies, how could feeding them juicy little details 
possibly help the situation.


It also kinda has "perfect environment for social engineering" written 
all over it. Who's to say that the most trusted-feeling people in such 
a group wouldn't necessarily be one of the infiltrating baddies. They 
are pro at this.







___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Node Operators Web Of Trust

[Vladimir Ivanov]

Technically, you can try doing the oder way around: sign you PGP key with a private key of your tor node. Thus, you can prove, that you own the node. 10.11.2014, 13:58, "Gareth Llewellyn" :On Fri, Nov 7, 2014 at 8:26 PM, grarpamp  wrote:Is it not time to establish a node operator web of trust? Look at all the nodes out there with or without 'contact' info, do you really know who runs them? Have you talked with them? What are their motivations? Are they your friends? Do you know where they work, such as you see them every day stocking grocery store, or in some building with a badge on it? Does their story jive? Are they active in the community/spaces we are? Etc. This is huge potential problem.I had an idea for this a little while ago; https://tortbv.link/ using the published GPG signature in the contact info to sign the node fingerprint, if you trust the GPG key then you can _possibly_ trust that the node is run by the named operator.Never got round to actually doing anything with it though...,___tor-relays mailing listtor-relays@lists.torproject.orghttps://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays  Vladimir Ivanov ___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Node Operators Web Of Trust

[grarpamp]

> On Mon, 10 Nov 2014 08:45:59 -0500 Spencer Rhodes :
> Strikes me as a very good idea. Perhaps lawyers wielding attorney-client
> privilege could be used to protect the identities of those node
> operators who wish to remain anonymous.
> --
> Spencer Rhodes, Esq.
> 126 East Jefferson Street, Orlando, Florida  USA  32801-1830
> t: +1.321.332.0407  |   f: +1.321.332.0409  |  m: +1.407.796.8282

To the extent it would look and run like any 'private' LLC/trust, yes.
Though various anons might not want to rely on paperwork and
other people to maintain certain levels of anonymity.
Depends on their threat model.
What are the oppurunities and tradeoffs there as you see them?
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Node Operators Web Of Trust

[grarpamp]

On Mon, Nov 10, 2014 at 8:36 AM, Julien ROBIN  wrote:
> I'm interested but, we must agree on that, it probably shouldn't be used for 
> adding privilege to people in this list.

It's up to the user to use or trust any assertions and/or the wot,
there is not force there. Though yes, I'd never blacklist nodes
in the directories just for nodes not being part of the wot.

> If one successfully got an invitation code, an evil attacker

The user is evaluating and doing the inviting as they see fit.

For example, I might be inclined to route my traffic only over
nodes run by those posting to this list, as opposed to also over
the thousands of nodes that are nothing to me but an IP address.

The closest analogy is subscribing to adblocker subscriptions.
If they subscribe to one that blocks torproject.org, that's their problem.
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Node Operators Web Of Trust

[grarpamp]

On Mon, Nov 10, 2014 at 5:58 AM, Gareth Llewellyn
 wrote:
> I had an idea for this a little while ago; https://tortbv.link/ using the
> published GPG signature in the contact info to sign the node fingerprint, if
> you trust the GPG key then you can _possibly_ trust that the node is run by
> the named operator.

As an operator you would either
- sign with your key a statement of node fingerprint into a notary service
- create a subkey of your key holding said statement in comment
- sign your key by node key if security of node key was better
  https://trac.torproject.org/projects/tor/ticket/9478
  But since the trust desired is from the [real]world down into and
  over the nodes, this one isn't really useful.

You then still have to use your key to form [real]world WOT among
operators. Tying nodes to some [nym] identities is the first part...
in a way, making sybil harder.

Then users opting to route paths through tor via trust metrics need to
configure their client with whichever various trusted wot/root keys
they like or subscribe to, which then uses them to score fingerprints
for pathing. Doing this with them is second part.

Degree of freedom from some crossing of trusted key people
is probably sufficient to score things.
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Node Operators Web Of Trust (Spencer Rhodes)

[Spencer Rhodes]

> 
> From: Gareth Llewellyn 
> To: tor-relays@lists.torproject.org
> Date: November 10, 2014 at 5:58:12 AM EST
> Reply-To: tor-relays@lists.torproject.org
> Subject: Re: [tor-relays] Node Operators Web Of Trust
> 
> 
> On Fri, Nov 7, 2014 at 8:26 PM, grarpamp  <mailto:grarp...@gmail.com>> wrote:
> Is it not time to establish a node operator web of trust?
> Look at all the nodes out there with or without 'contact' info,
> do you really know who runs them? Have you talked with
> them? What are their motivations? Are they your friends?
> Do you know where they work, such as you see them every day
> stocking grocery store, or in some building with a badge on it?
> Does their story jive? Are they active in the community/spaces
> we are? Etc. This is huge potential problem.
> 
> I had an idea for this a little while ago; https://tortbv.link/ 
> <https://tortbv.link/> using the published GPG signature in the contact info 
> to sign the node fingerprint, if you trust the GPG key then you can 
> _possibly_ trust that the node is run by the named operator.
> 
> Never got round to actually doing anything with it though...
> 
> 
> 
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays



Strikes me as a very good idea. Perhaps lawyers wielding attorney-client 
privilege could be used to protect the identities of those node operators who 
wish to remain anonymous.
--
Spencer Rhodes, Esq.

126 East Jefferson Street, Orlando, Florida  USA  32801-1830
t: +1.321.332.0407  |   f: +1.321.332.0409  |  m: +1.407.796.8282___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Node Operators Web Of Trust

[Julien ROBIN]

Such a list could be pretty cool. 

I'm interested but, we must agree on that, it probably shouldn't be used for 
adding privilege to people in this list. I mean, the "privilege" shouldn't 
empower them against Tor security, because in such a case, social engineering 
could create a vulnerability against the network.

Of course, every system needs sincerity, and trust, of at least few people 
(administrators at least). But what I'm thinking of is, for example private 
torrent trackers, or satellite TV cards hacking forums. 
If one successfully got an invitation code, an evil attacker (looking to catch 
illegal downloaders or I don't know what) will finish by having an invitation 
code too.


At the end, I'm aware that when using Tor, my TCP/IP sessions can be seen by 
exit relay operators and ISPs agents. Even governments and judicature can ask 
an ISP for recording a targeted user's Internet connexion.
Even if the connection is https, the website to which I'm connected can see 
what I'm doing.
At the end, I'm thinking that, if my data through Tor is more likely to use 
server in the "green list", my behavior will remain the same : Tor is just 
hiding the originating IP address and it gives me a way to access the Internet 
from any country without moving out of my home.


Being a Tor Relay operator, running several Tor exits, and having been 
questioned by police several times, I also know that it's better for me to 
provide without wearing any mask (if not, it could be easy to think that there 
is something strange with me). And if my computers got seized they will have to 
prove I'm clear as drinkable water. Even if me data goes through a "green Tor 
list", I will not change my behavior on this point ;)



- Mail original -
De: "grarpamp" 
À: tor-relays@lists.torproject.org
Cc: cypherpu...@cpunks.org
Envoyé: Vendredi 7 Novembre 2014 21:26:40
Objet: [tor-relays] Node Operators Web Of Trust

Is it not time to establish a node operator web of trust?
Look at all the nodes out there with or without 'contact' info,
do you really know who runs them? Have you talked with
them? What are their motivations? Are they your friends?
Do you know where they work, such as you see them every day
stocking grocery store, or in some building with a badge on it?
Does their story jive? Are they active in the community/spaces
we are? Etc. This is huge potential problem.
NOWoT participation is optional, it is of course infiltratable,
and what it proves may be arguable, but it seems a necessary
thing to try as a test of that and to develop a good model.
Many operators know each other in person. And the node
density per geographic region supports getting out to meet
operators even if only for the sole purpose of attesting 'I met
this blob of flesh who proved ownership of node[s] x'.
That's a big start, even against the sybil agents they'd surely
send out to meet you.
Many know exactly who the other is in the active community
such that they can attest at that level. And so on down the
line of different classes of trust that may be developed
and asserted over each claimed operator.
Assuming a NOWoT that actually says something can
be established, is traffic then routable by the user over nodes
via trust metrics in addition to the usual metrics and randomness?
WoT's are an ancient subject... now what are the possibilities and
issues when asserting them over physical nodes, not just over
virtual nodes such as an email address found in your pubkey?
And what about identities that exist only anonymously yet
can prove control over various unique resources?
If such WoT's cannot be proven to have non-value, then it seems
worth doing.

This doesn't just apply to Tor, but to any node based system.
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Node Operators Web Of Trust

[Eric Hocking]

That sounds like an excellent idea. if the site nowot.com is available, someone 
could register it. Maybe we could even get providers on board with the idea.

> On Nov 10, 2014, at 7:00 AM, tor-relays-requ...@lists.torproject.org wrote:
> 
> Send tor-relays mailing list submissions to
>tor-relays@lists.torproject.org
> 
> To subscribe or unsubscribe via the World Wide Web, visit
>https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> or, via email, send a message with subject or body 'help' to
>tor-relays-requ...@lists.torproject.org
> 
> You can reach the person managing the list at
>tor-relays-ow...@lists.torproject.org
> 
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of tor-relays digest..."
> 
> 
> Today's Topics:
> 
>   1. Node Operators Web Of Trust (grarpamp)
>   2. Re: Node Operators Web Of Trust (Gareth Llewellyn)
> 
> 
> --
> 
> Message: 1
> Date: Fri, 7 Nov 2014 15:26:40 -0500
> From: grarpamp 
> To: tor-relays@lists.torproject.org
> Cc: cypherpu...@cpunks.org
> Subject: [tor-relays] Node Operators Web Of Trust
> Message-ID:
>
> Content-Type: text/plain; charset=UTF-8
> 
> Is it not time to establish a node operator web of trust?
> Look at all the nodes out there with or without 'contact' info,
> do you really know who runs them? Have you talked with
> them? What are their motivations? Are they your friends?
> Do you know where they work, such as you see them every day
> stocking grocery store, or in some building with a badge on it?
> Does their story jive? Are they active in the community/spaces
> we are? Etc. This is huge potential problem.
> NOWoT participation is optional, it is of course infiltratable,
> and what it proves may be arguable, but it seems a necessary
> thing to try as a test of that and to develop a good model.
> Many operators know each other in person. And the node
> density per geographic region supports getting out to meet
> operators even if only for the sole purpose of attesting 'I met
> this blob of flesh who proved ownership of node[s] x'.
> That's a big start, even against the sybil agents they'd surely
> send out to meet you.
> Many know exactly who the other is in the active community
> such that they can attest at that level. And so on down the
> line of different classes of trust that may be developed
> and asserted over each claimed operator.
> Assuming a NOWoT that actually says something can
> be established, is traffic then routable by the user over nodes
> via trust metrics in addition to the usual metrics and randomness?
> WoT's are an ancient subject... now what are the possibilities and
> issues when asserting them over physical nodes, not just over
> virtual nodes such as an email address found in your pubkey?
> And what about identities that exist only anonymously yet
> can prove control over various unique resources?
> If such WoT's cannot be proven to have non-value, then it seems
> worth doing.
> 
> This doesn't just apply to Tor, but to any node based system.
> 
> 
> --
> 
> Message: 2
> Date: Mon, 10 Nov 2014 10:58:12 +
> From: Gareth Llewellyn 
> To: tor-relays@lists.torproject.org
> Subject: Re: [tor-relays] Node Operators Web Of Trust
> Message-ID:
>
> Content-Type: text/plain; charset="utf-8"
> 
>> On Fri, Nov 7, 2014 at 8:26 PM, grarpamp  wrote:
>> 
>> Is it not time to establish a node operator web of trust?
>> Look at all the nodes out there with or without 'contact' info,
>> do you really know who runs them? Have you talked with
>> them? What are their motivations? Are they your friends?
>> Do you know where they work, such as you see them every day
>> stocking grocery store, or in some building with a badge on it?
>> Does their story jive? Are they active in the community/spaces
>> we are? Etc. This is huge potential problem.
>> 
> 
> I had an idea for this a little while ago; https://tortbv.link/ using the
> published GPG signature in the contact info to sign the node fingerprint,
> if you trust the GPG key then you can _possibly_ trust that the node is run
> by the named operator.
> 
> Never got round to actually doing anything with it though...
> -- next part --
> An HTML attachment was scrubbed...
> URL: 
> <http://lists.torproject.org/pipermail/tor-relays/attachments/20141110/e06fc612/attachment-0001.html>
> 
> --
> 
> Subject: Digest Footer
> 
> 

Re: [tor-relays] Node Operators Web Of Trust

[Gareth Llewellyn]

On Fri, Nov 7, 2014 at 8:26 PM, grarpamp  wrote:

> Is it not time to establish a node operator web of trust?
> Look at all the nodes out there with or without 'contact' info,
> do you really know who runs them? Have you talked with
> them? What are their motivations? Are they your friends?
> Do you know where they work, such as you see them every day
> stocking grocery store, or in some building with a badge on it?
> Does their story jive? Are they active in the community/spaces
> we are? Etc. This is huge potential problem.
>

I had an idea for this a little while ago; https://tortbv.link/ using the
published GPG signature in the contact info to sign the node fingerprint,
if you trust the GPG key then you can _possibly_ trust that the node is run
by the named operator.

Never got round to actually doing anything with it though...
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Node Operators Web Of Trust

[014]

 

On 2014-11-07 16:08, Kevin de Bie wrote: 

>> With that in mind, he does raise a valid point. Are there any plans to move
>> to a more decentralised model for the directory authorities? Are their any
>> plans to move the power to blacklist nodes out of the hands of the Tor 
>> Project
>> and into the hands of its users somehow.
> 
> This is pretty interesting point, but then i'm personally not really 
> interested in having any control over the actual blacklist. I'd feel plenty 
> comfortable with just insight into what is blacklisted, for what reason and 
> if possible some evidence to support this reason. Giving control to "the 
> people" isn't always a good thing either as even in TOR circles there'd be 
> people that can't deal with having power on any level. Transparency is 
> probably the word I was looking for to use. 
> I didn't fill in contact information on my fresh tor relay simply because the 
> app I use doesn't allow me to. (my tor relay runs on an Ouya, therefore 
> android) Regardless of the absence of contact information the reason I run 
> the relay are in line with the reasons why TOR exists. 
> 
> 2014-11-07 22:35 GMT+01:00 Derric Atzrott :
> 
>>> How does one establish trust online though? Trust is a very delicate thing. 
>>> A
>>> system such as this simply inherently has these challenges. Pretty sure that
>>> is why the tor browser for example always uses https.
>> 
>> Indeed, both the centralised and decentralised systems that are currently in
>> place have major issues. Within centralised systems like the Certificate
>> Authority system we see corruption (have you seen their fees) and we must
>> trust them to actually verify identities and to remain secure, something
>> at least a few CAs have proven that they can't do. Then we also have to
>> trust our vendors to provide default lists of CAs to trust that are in
>> fact worth of our trust.
>> 
>> Within decentralised systems like PGP we have to worry about the network
>> effect, and making sure that people understand what they are actually doing,
>> again we worry about whether or not we can trust our friends, and whether or
>> not we can trust their friends.
>> 
>> Trust is probably one of the hardest problems facing folks using the 
>> Internet.
>> 
>> With that in mind, he does raise a valid point. Are there any plans to move
>> to a more decentralised model for the directory authorities? Are their any
>> plans to move the power to blacklist nodes out of the hands of the Tor 
>> Project
>> and into the hands of its users somehow.
>> 
>> I'm not exactly sure how either of those would be accomplished, but I'm sure
>> there is a clever solution somewhere.
>> 
>> Thank you,
>> Derric Atzrott
>> 
>> ___
>> tor-relays mailing list
>> tor-relays@lists.torproject.org
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays [1]
> 
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays [1]

Trust can also be purchased indirectly. The operator you began trusting
could hand over the keys for a price. 

Links:
--
[1] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Node Operators Web Of Trust

[Kevin de Bie]

>With that in mind, he does raise a valid point.  Are there any plans to
move
>to a more decentralised model for the directory authorities?  Are their any
>plans to move the power to blacklist nodes out of the hands of the Tor
Project
>and into the hands of its users somehow.

This is pretty interesting point, but then i'm personally not really
interested in having any control over the actual blacklist. I'd feel plenty
comfortable with just insight into what is blacklisted, for what reason and
if possible some evidence to support this reason. Giving control to "the
people" isn't always a good thing either as even in TOR circles there'd be
people that can't deal with having power on any level. Transparency is
probably the word I was looking for to use.
I didn't fill in contact information on my fresh tor relay simply because
the app I use doesn't allow me to. (my tor relay runs on an Ouya, therefore
android) Regardless of the absence of contact information the reason I run
the relay are in line with the reasons why TOR exists.


2014-11-07 22:35 GMT+01:00 Derric Atzrott :

> > How does one establish trust online though? Trust is a very delicate
> thing. A
> > system such as this simply inherently has these challenges. Pretty sure
> that
> > is why the tor browser for example always uses https.
>
> Indeed, both the centralised and decentralised systems that are currently
> in
> place have major issues.  Within centralised systems like the Certificate
> Authority system we see corruption (have you seen their fees) and we must
> trust them to actually verify identities and to remain secure, something
> at least a few CAs have proven that they can't do.  Then we also have to
> trust our vendors to provide default lists of CAs to trust that are in
> fact worth of our trust.
>
> Within decentralised systems like PGP we have to worry about the network
> effect, and making sure that people understand what they are actually
> doing,
> again we worry about whether or not we can trust our friends, and whether
> or
> not we can trust their friends.
>
> Trust is probably one of the hardest problems facing folks using the
> Internet.
>
> With that in mind, he does raise a valid point.  Are there any plans to
> move
> to a more decentralised model for the directory authorities?  Are their any
> plans to move the power to blacklist nodes out of the hands of the Tor
> Project
> and into the hands of its users somehow.
>
> I'm not exactly sure how either of those would be accomplished, but I'm
> sure
> there is a clever solution somewhere.
>
> Thank you,
> Derric Atzrott
>
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Node Operators Web Of Trust

[Derric Atzrott]

> How does one establish trust online though? Trust is a very delicate thing. A
> system such as this simply inherently has these challenges. Pretty sure that
> is why the tor browser for example always uses https.

Indeed, both the centralised and decentralised systems that are currently in
place have major issues.  Within centralised systems like the Certificate
Authority system we see corruption (have you seen their fees) and we must
trust them to actually verify identities and to remain secure, something
at least a few CAs have proven that they can't do.  Then we also have to
trust our vendors to provide default lists of CAs to trust that are in
fact worth of our trust.

Within decentralised systems like PGP we have to worry about the network
effect, and making sure that people understand what they are actually doing,
again we worry about whether or not we can trust our friends, and whether or
not we can trust their friends.

Trust is probably one of the hardest problems facing folks using the Internet.

With that in mind, he does raise a valid point.  Are there any plans to move
to a more decentralised model for the directory authorities?  Are their any
plans to move the power to blacklist nodes out of the hands of the Tor Project
and into the hands of its users somehow.

I'm not exactly sure how either of those would be accomplished, but I'm sure
there is a clever solution somewhere.

Thank you,
Derric Atzrott

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Node Operators Web Of Trust

[obx]

I run a pseudonymous exit node and I'm not interested in giving up my
pseudonymity by meeting people in real life.

I don't want to end up on a special interest watch list.

On Fri, Nov 07, 2014 at 03:26:40PM -0500, grarpamp wrote:
> Is it not time to establish a node operator web of trust?
> Look at all the nodes out there with or without 'contact' info,
> do you really know who runs them? Have you talked with
> them? What are their motivations? Are they your friends?
> Do you know where they work, such as you see them every day
> stocking grocery store, or in some building with a badge on it?
> Does their story jive? Are they active in the community/spaces
> we are? Etc. This is huge potential problem.
> NOWoT participation is optional, it is of course infiltratable,
> and what it proves may be arguable, but it seems a necessary
> thing to try as a test of that and to develop a good model.
> Many operators know each other in person. And the node
> density per geographic region supports getting out to meet
> operators even if only for the sole purpose of attesting 'I met
> this blob of flesh who proved ownership of node[s] x'.
> That's a big start, even against the sybil agents they'd surely
> send out to meet you.
> Many know exactly who the other is in the active community
> such that they can attest at that level. And so on down the
> line of different classes of trust that may be developed
> and asserted over each claimed operator.
> Assuming a NOWoT that actually says something can
> be established, is traffic then routable by the user over nodes
> via trust metrics in addition to the usual metrics and randomness?
> WoT's are an ancient subject... now what are the possibilities and
> issues when asserting them over physical nodes, not just over
> virtual nodes such as an email address found in your pubkey?
> And what about identities that exist only anonymously yet
> can prove control over various unique resources?
> If such WoT's cannot be proven to have non-value, then it seems
> worth doing.
> 
> This doesn't just apply to Tor, but to any node based system.
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Node Operators Web Of Trust

[Kevin de Bie]

How does one establish trust online though? Trust is a very delicate thing.
A system such as this simply inherently has these challenges. Pretty sure
that is why the tor browser for example always uses https.

Op 21:26 vr 7 nov. 2014 schreef grarpamp :

> Is it not time to establish a node operator web of trust?
> Look at all the nodes out there with or without 'contact' info,
> do you really know who runs them? Have you talked with
> them? What are their motivations? Are they your friends?
> Do you know where they work, such as you see them every day
> stocking grocery store, or in some building with a badge on it?
> Does their story jive? Are they active in the community/spaces
> we are? Etc. This is huge potential problem.
> NOWoT participation is optional, it is of course infiltratable,
> and what it proves may be arguable, but it seems a necessary
> thing to try as a test of that and to develop a good model.
> Many operators know each other in person. And the node
> density per geographic region supports getting out to meet
> operators even if only for the sole purpose of attesting 'I met
> this blob of flesh who proved ownership of node[s] x'.
> That's a big start, even against the sybil agents they'd surely
> send out to meet you.
> Many know exactly who the other is in the active community
> such that they can attest at that level. And so on down the
> line of different classes of trust that may be developed
> and asserted over each claimed operator.
> Assuming a NOWoT that actually says something can
> be established, is traffic then routable by the user over nodes
> via trust metrics in addition to the usual metrics and randomness?
> WoT's are an ancient subject... now what are the possibilities and
> issues when asserting them over physical nodes, not just over
> virtual nodes such as an email address found in your pubkey?
> And what about identities that exist only anonymously yet
> can prove control over various unique resources?
> If such WoT's cannot be proven to have non-value, then it seems
> worth doing.
>
> This doesn't just apply to Tor, but to any node based system.
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays