Author Topic: Web of trust problems and possibility to fix them.  (Read 7554 times)

0 Members and 1 Guest are viewing this topic.

Offline CoinBrTopic starter

  • Newbie
  • Joined: Jan 2013
  • Posts: 34
  • Country: 00
  • Thanked: 1 times
  • Karma: +3/-0
  • First online MPEx broker
    • View Profile
  • #otc: jurov
  • Bitcoin Address: 1CoinBr662GWdiqVz8mXJUnYjWZbBchKAb
Web of trust problems and possibility to fix them.
« on: February 01, 2013, 11:14:42 PM »

your ads here
Just my brain dump...

It's a web

Current web of trust systems often limit themselves to +/- ratings, OTC web of trust adds possibility of short text. This leads to problems as users naturally think their goal to have the highest score. That doesn't make sense, since online identities are cheap. This can be improved by emphasizing direct and long-time trust relationships as much as possible over a simplified rating score. Also, more in-depth detailed ratings should be possible, as well as visible history.

Web of trust should not be tied to one page, should be truly decentralized peer to peer system. This also leads to need for decentralized identities. So far GPG/PGP was used, but it didn't became mainstream. But now, more and more people will have bitcoin wallets that can also be used as identities. OTC web of trust already allows for this. Also web of trust entries should be independent of any service. This can be achieved by issuing simple trust certificates, that are independently verifiable, like:
From: To: Rating:
<<Plain text - maybe in some wiki-formatting>>
Issuer cryptographic signature
The format should be simplest possible. Issuer or receiver will then publish it to a web of trust aggregator site. The site will provide nice interface for browsing and searching the web of trust. Signature will prevent changing the certificate once it is issued and having multiple independent aggregators will prevent manipulation, like selective display of certificates.

The identities are not identified by nickname but by private keys, but humans aren't very good in comparing long hash strings. So identicons should be used anywhere possible. Also, tight cooperation to other web services is needed, web of trust aggregators can provide OpenID address, and in turn collect/display public data from linked sites.

Human behavior
Humans are not fully rational beings and any service must consider it.
Retaliatory ratings - easy to spot, show them in context.
Multiple fake identities rating each other - can be prevented by web of trust graph analysis and by need for more detailed explanation why you trust someone (respecting privacy, of course). Detailed descriptions should be worth more than just "yea,solid guy" ones.
Mistakes and removing bad ratings - cryptographic revocations are not completely solved.. need gentleman agreement with web of trust aggregators that they will honor them?


Start Your Website Bitcoin Web Hosting

Started by 11eleven11

Replies: 0
Views: 34213
Last post January 18, 2015, 06:50:10 PM
by 11eleven11