Title: [ANNOUNCE] Global Web Of Trust Standards Workgroup Post by: PLATO on May 05, 2011, 08:31:14 PM The bitcoin community (and internet as a whole) will benefit if we can create a truly global web of trust.
As Bitcoin grows, more services will be based on trust. Maybe we'll see a classifieds site (BitListings?) where you're willing to ship your junk across the country in exchange for bitcoins to trusted parties. Maybe "CryptNet" from The Diamond Age will show up. Exchangers (e.g. Coinpal -otc) are already using trust-based systems. The workgroup will oversee the creation of a standard to allow all of these systems to interact. The primary goal is to decide on an API that will allow sites to share their trust data. Some sites will opt to keep their trust data internal, which is fine. However, the advantage of creating a global web of trust is that your -otc ratings will show up when you use BitListings. This would help solve a lot of trustability problems. I've purchased some web hosting which is currently located at bitcoin.subvert.me (http://bitcoin.subvert.me). It's still empty. I've set up a mailing list to start hashing out the low level details (like what to put on the site.) Join the list by emailing bitcoin-join@subvert.me and leave by emailing bitcoin-leave@subvert.me. Emails sent to bitcoin@subvert.me will go to the whole list. You can set an option to receive a single daily digest email here (http://subvert.me/mailman/listinfo/bitcoin_subvert.me). We can use a lot of different opinions - users, developers, site owners are all encouraged to help us create the best possible system. BTW - I have never created a standard before, if you have experience with this, your input will be especially valuable. PLATO Title: Re: [ANNOUNCE] Global Web Of Trust Standards Workgroup Post by: Garrett Burgwardt on May 08, 2011, 06:31:00 PM I don't have much experience either but I'm certainly willing to help out.
One thing I'd say is critical to have is an easy way in and out. Nanotube will vouch for me being the most vocal about how much a pain in the ass GPG is for people who aren't running linux or a specific irc client. Maybe a database that will send your credentials for you given the password to the gpg key? Anyway, I'm on the mailing list. Title: Re: [ANNOUNCE] Global Web Of Trust Standards Workgroup Post by: Matt Corallo on May 08, 2011, 06:51:07 PM One thing I'd say is critical to have is an easy way in and out. Nanotube will vouch for me being the most vocal about how much a pain in the ass GPG is for people who aren't running linux or a specific irc client. Maybe a database that will send your credentials for you given the password to the gpg key? Totally agree, its a real shame gpg is so hard to get going on Windows but it is so ideal for situations like this...maybe working on a better gpg for windows is the first step to this ;).In any case, it is also important to strictly define how trust is given. Arbitrary numbers don't always work so well (see -otc's 1 == I made a trade for 100 BTC or I sent someone 1 BTC and they sent it back). Also, trust is given in different areas and doesn't necessarily cross over. For the next release of bitcoin (0.4.0) the build system will be made distributed and based on trust assigned to the gpg keys of various developers who build and sign a bitcoin binary deterministically, just because I'd trust someone on a 1000 BTC transaction doesn't mean I would trust them to build bitcoin safely, I might only trust someone with a 1 BTC transaction, but I know they would never sign something which they put a virus in. Title: Re: [ANNOUNCE] Global Web Of Trust Standards Workgroup Post by: error on May 08, 2011, 06:52:46 PM Interested in following this, but words cannot describe how much I despise the mailing list format, especially for anything vaguely important.
Title: Re: [ANNOUNCE] Global Web Of Trust Standards Workgroup Post by: Vasili Sviridov on May 08, 2011, 07:58:46 PM Actually, getting GPG on windows is not that bad, albeit being bit roundabout. Just install Mozilla Thunderbird and the install Enigmail plugin for it.
Title: Re: [ANNOUNCE] Global Web Of Trust Standards Workgroup Post by: Garrett Burgwardt on May 08, 2011, 09:54:10 PM There's a very easy way to /install/ gpg on windows.
The problem comes from authing taking multiple copy and pastes which is a huge hassle, and it is also just a daunting task for many people who aren't computer savvy. Title: Re: [ANNOUNCE] Global Web Of Trust Standards Workgroup Post by: Cryptoman on May 09, 2011, 03:02:19 AM You could also sign up for an email account with hushmail and use their GPG tools.
Title: Re: [ANNOUNCE] Global Web Of Trust Standards Workgroup Post by: PLATO on May 09, 2011, 04:33:11 AM Interested in following this, but words cannot describe how much I despise the mailing list format, especially for anything vaguely important. The only real purpose of the mailing list is to figure out how to manage the project. (e.g. what's the best way to communicate, what tools to use?) Pasting from the (only) message I've sent to the list so far: Quote from: PLATO One of the first things we need to do is set up a project tracking website to keep everything efficient. I just purchased hosting for 4btc/mo from soulacehosting.net and have set up the site http://bitcoin.subvert.me. What should go there? Git repos? Trac? The initial goal of this project as is to come up with a standard, or set of standards, governing webs of trust. The WOT model is really useful in a lot of different contexts, and one of the neat things about them is they're exportable. #bitcoin-otc's databases are public, here: http://bitcoin-otc.com/otc/ They use GPG keys as identities, with a meta layer on top of that (viz. rating and a comment). This data could easily be exported as plaintext and imported to any site that wanted to initialize or update their trust database. Some initial thoughts: -If many sites all publicize their ratings, they can create a truly global web of trust and everyone benefits. if everyone keeps their data private (or simply inaccessible), everyone loses -Sites may have different internal implementations, but should use a JSON or similar API to share trust data -Design to allow crypto schemes other than GPG -Draft some ways to audit public trust DB's. This way we can detect site owners tampering with ratings (maybe the site operator signs each rating) -How to deal with merge conflicts? Alice may have a high rating on site A and a low rating on site B when site C imports trust ratings from both A and B |