Bitcoin Forum

They are both very happy with the transaction. The next time Bob deals with someone, he sends him both the pieces of JSON Alice signed. The other party can verify it and see that Alice trusts Bob. Then the other party sends Bob's public key to several trust servers, to see if the trust servers have any JSON-1s signed with Bob's key that do not have a matching JSON-2. There are none, in this case, so Bob's rating is whatever Alice gave him.

Alice rated Bob negatively. The next time Bob deals with someone, he doesn't send the JSON about the transactions with Alice, because they'd bring his rating down. But when the other party sends Bob's public key to several trust servers, they come back with Alice's JSON-1, or both JSON-1 and JSON-2. If only the JSON-1 comes back, then Bob gets counted as getting the maximum negative rating. Otherwise, Bob gets the rating in the JSON-2.

So say Alice wants to do some transaction with Bob. Bob and Alice both have RSA keys of a decent length.

It's not necessary to bring RSA into it unless you have special needs like blinding or a lack of message expansion. If Bob and Alice use Bitcoin then they both have perfectly serviceable public/private keypairs. It also sounds like you only want to sign so ECDSA is fine.

Your protocol has at least the flaw that an attacker BadBob can generate very large positive ratings for themselves by creating multiple DummyAlices who give positive ratings for large numbers of arbitrary transactions. This is because, in your scheme there's nothing making sure that the Bitcoin transaction referred to is a transaction involving either Alice or Bob at all.

*snip*
The primary means of 'getting in' for most new users will be cash. There are a handful of projects that are attempting to set up a global network of cash-to-bitcoin-to-cash dealers; the ones I know about are

• Bruce Wagner's personal efforts & http://btcnearme.com/
• Bitcoin Local - http://www.tradebitcoin.com/ Lots of dealers exchangers in the Northeast
• Ubitex - http://ubitex.org/ubitex/ new site - under construction!
• edit http://blackandyellowpages.com/ - this applies too, more info here (http://agoristradio.com/?p=226)
• edit 2 bitmarket.eu (http://bitcointalk.org/index.php?topic=6992) - not cash dealer, but interested in GPG integration
• edit 3 dduane's Bitcoin Cambio (http://bitcoincambio.com/)

We should integrate all of these efforts right now, while they're all still in development. It's inevitable that some efforts will fail, so we should try to make the system robust enough to absorb those failures. We should have a common way to identify a particular exchanger that is exportable to multiple websites (i.e. a GPG key.) #bitcoin-otc already has a significant web of trust set up, and it's not hard to integrate import that into other applications.

If we have multiple sites using information from a single web of trust, we should decide on a common API to communicate between those sites. Right now, the OTC database records a user ID (gpg key), a rating from -10 to 10, and a notes field. This is fine for -otc, but other sites will likely want to record additional information in their own webs.

Some stuff that might be saved in a WOT database: contact information, services offered, currencies offered, availability times, trade volume limits, rough GPS coordinates.

If we agree on a protocol such that all sites can share data, we can make the whole Bitcoin economy a 'decentralized exchange.' When any one site fails, another can take its trust database and start with that. To avoid tampering the databases should probably be public knowledge.

The advantage of using GPG (RSA) keys is, first off, that there is already a sizeable WOT based upon these keys. Second, GPG keys seem to be a useful platform for several under-development WOT networks. If we limit this system to Bitcoin ECDSA keys, it's only useful for Bitcoin. I think that it's important that we pick a standard API to exchange WOT data across different sites. This interoperability would be great.

Pasting from my post here (http://bitcointalk.org/index.php?topic=7096.msg104196#msg104196):

An attacker can always make as many shill accounts as they want, but it will be difficult to gain enough trust to perform repeated scams. A smart WOT database could go as in-depth as desired while calculating trust ratings. Perhaps it can identify if a subset of users consistently rate each other highly, but rarely rate outside their local group. Then, when one of these scams someone, the others in that subnet can have slightly lowered trust ratings for later transactions.

I imagine that we will see some really neat trust algorithms evolving.

Does this clear it up?
<cuddlefish> Before you do a transaction, each party signs a bit of data that establishes that they are going to transact with eachother
<cuddlefish> Afterwards, they rate eachother and sign the ratings.
<cuddlefish> if 2 people said they were going to do a transaction, but the one you're trying to check ratings for won't tell you how it turned out
<cuddlefish> you can be very suspicious