Bitcoin Forum
December 03, 2016, 09:51:33 AM *
News: Latest stable version of Bitcoin Core: 0.13.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: [ANNOUNCE] Global Web Of Trust Standards Workgroup  (Read 1252 times)
PLATO
Sr. Member
****
Offline Offline

Activity: 277


Subversive


View Profile WWW
May 05, 2011, 08:31:14 PM
 #1

The bitcoin community (and internet as a whole) will benefit if we can create a truly global web of trust.

As Bitcoin grows, more services will be based on trust. Maybe we'll see a classifieds site (BitListings?) where you're willing to ship your junk across the country in exchange for bitcoins to trusted parties. Maybe "CryptNet" from The Diamond Age will show up. Exchangers (e.g. Coinpal -otc) are already using trust-based systems.

The workgroup will oversee the creation of a standard to allow all of these systems to interact. The primary goal is to decide on an API that will allow sites to share their trust data. Some sites will opt to keep their trust data internal, which is fine. However, the advantage of creating a global web of trust is that your -otc ratings will show up when you use BitListings. This would help solve a lot of trustability problems.

I've purchased some web hosting which is currently located at bitcoin.subvert.me. It's still empty.

I've set up a mailing list to start hashing out the low level details (like what to put on the site.) Join the list by emailing bitcoin-join@subvert.me and leave by emailing bitcoin-leave@subvert.me. Emails sent to bitcoin@subvert.me will go to the whole list. You can set an option to receive a single daily digest email here. We can use a lot of different opinions - users, developers, site owners are all encouraged to help us create the best possible system.

BTW - I have never created a standard before, if you have experience with this, your input will be especially valuable.
PLATO
Be very wary of relying on JavaScript for security on sites such as blockchain.info and brainwallet.org. The site can change the JavaScript at any time unless you take unusual precautions, and browsers are not generally known for their airtight security.
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1480758693
Hero Member
*
Offline Offline

Posts: 1480758693

View Profile Personal Message (Offline)

Ignore
1480758693
Reply with quote  #2

1480758693
Report to moderator
1480758693
Hero Member
*
Offline Offline

Posts: 1480758693

View Profile Personal Message (Offline)

Ignore
1480758693
Reply with quote  #2

1480758693
Report to moderator
Garrett Burgwardt
Sr. Member
****
Offline Offline

Activity: 350



View Profile
May 08, 2011, 06:31:00 PM
 #2

I don't have much experience either but I'm certainly willing to help out.

One thing I'd say is critical to have is an easy way in and out. Nanotube will vouch for me being the most vocal about how much a pain in the ass GPG is for people who aren't running linux or a specific irc client. Maybe a database that will send your credentials for you given the password to the gpg key?

Anyway, I'm on the mailing list.
Matt Corallo
Hero Member
*****
expert
Offline Offline

Activity: 751


View Profile
May 08, 2011, 06:51:07 PM
 #3

One thing I'd say is critical to have is an easy way in and out. Nanotube will vouch for me being the most vocal about how much a pain in the ass GPG is for people who aren't running linux or a specific irc client. Maybe a database that will send your credentials for you given the password to the gpg key?
Totally agree, its a real shame gpg is so hard to get going on Windows but it is so ideal for situations like this...maybe working on a better gpg for windows is the first step to this Wink.

In any case, it is also important to strictly define how trust is given.  Arbitrary numbers don't always work so well (see -otc's 1 == I made a trade for 100 BTC or I sent someone 1 BTC and they sent it back).  Also, trust is given in different areas and doesn't necessarily cross over.  For the next release of bitcoin (0.4.0) the build system will be made distributed and based on trust assigned to the gpg keys of various developers who build and sign a bitcoin binary deterministically, just because I'd trust someone on a 1000 BTC transaction doesn't mean I would trust them to build bitcoin safely, I might only trust someone with a 1 BTC transaction, but I know they would never sign something which they put a virus in. 

Bitcoin Ubuntu PPA maintainer - donate to me personally: 1JBMattRztKDF2KRS3vhjJXA7h47NEsn2c
http://bitcoinrelaynetwork.org maintainer
PGP ID: 07DF 3E57 A548 CCFB 7530  7091 89BB B866 3E2E65CE
error
Hero Member
*****
Offline Offline

Activity: 574



View Profile
May 08, 2011, 06:52:46 PM
 #4

Interested in following this, but words cannot describe how much I despise the mailing list format, especially for anything vaguely important.

15UFyv6kfWgq83Pp3yhXPr8rknv9m6581W
Vasili Sviridov
Member
**
Offline Offline

Activity: 104


View Profile WWW
May 08, 2011, 07:58:46 PM
 #5

Actually, getting GPG on windows is not that bad, albeit being bit roundabout. Just install Mozilla Thunderbird and the install Enigmail plugin for it.

1JHYtsmsGq2McwGHmWayVjVtHds8rp1R5
Garrett Burgwardt
Sr. Member
****
Offline Offline

Activity: 350



View Profile
May 08, 2011, 09:54:10 PM
 #6

There's a very easy way to /install/ gpg on windows.

The problem comes from authing taking multiple copy and pastes which is a huge hassle, and it is also just a daunting task for many people who aren't computer savvy.
Cryptoman
Hero Member
*****
Offline Offline

Activity: 728



View Profile
May 09, 2011, 03:02:19 AM
 #7

You could also sign up for an email account with hushmail and use their GPG tools.

"A small body of determined spirits fired by an unquenchable faith in their mission can alter the course of history." --Gandhi
PLATO
Sr. Member
****
Offline Offline

Activity: 277


Subversive


View Profile WWW
May 09, 2011, 04:33:11 AM
 #8

Interested in following this, but words cannot describe how much I despise the mailing list format, especially for anything vaguely important.

The only real purpose of the mailing list is to figure out how to manage the project. (e.g. what's the best way to communicate, what tools to use?)

Pasting from the (only) message I've sent to the list so far:

Quote from: PLATO
One of the first things we need to do is set up a project tracking
website to keep everything efficient. I just purchased hosting for
4btc/mo from soulacehosting.net and have set up the site
http://bitcoin.subvert.me. What should go there? Git repos? Trac?

The initial goal of this project as  is to come up with a standard,
or set of standards, governing webs of trust. The WOT model
is really useful in a lot of different contexts, and one of the neat
things about them is they're exportable. #bitcoin-otc's databases are
public, here: http://bitcoin-otc.com/otc/  They use GPG keys as
identities, with a meta layer on top of that (viz. rating and a
comment). This data could easily be exported as plaintext and imported
to any site that wanted to initialize or update their trust database.

Some initial thoughts:
-If many sites all publicize their ratings, they can create a truly
global web of trust and everyone benefits. if everyone keeps their
data private (or simply inaccessible), everyone loses
-Sites may have different internal implementations, but should use a
JSON or similar API to share trust data
-Design to allow crypto schemes other than GPG
-Draft some ways to audit public trust DB's. This way we can detect
site owners tampering with ratings (maybe the site operator signs each
rating)
-How to deal with merge conflicts? Alice may have a high rating on
site A and a low rating on site B when site C imports trust ratings
from both A and B
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!