Web of Trust

John Kenney
Posts: 94
Joined: Sat Mar 29, 2014 2:20 pm
os: linux
Location: Sheffield, England
Contact:

Web of Trust

Post by John Kenney »

I'd like to add web of trust style validation to records stored in Namecoin. Not totally sure how yet, so I'm asking for suggestions.

Here are my desired features (this is not an exhaustive list). Maybe it wont be possible to have all these features without big changes, but the main feature should be fairly easy to add.
  1. Ability to store a validation or invalidation for any individual piece of data another stored in another person's record (under d/ or id/ or other future namespaces). This should be a numeric score (which could also be negative) to indicate the validators confidence in their validation.
  2. Ability to link an individual validators validations together, so that an analysis on how accurate each individual validator is could be performed.
  3. One validation per validator per name, which can be updated, only the last update is used.
  4. A small network fee per validation.
  5. Time of each validation should be stored.
  6. 'Validations' of data that doesn't already exist as a record in another namespace shouldn't be accepted by nodes or miners
Last edited by John Kenney on Thu Apr 24, 2014 12:02 pm, edited 1 time in total.

John Kenney
Posts: 94
Joined: Sat Mar 29, 2014 2:20 pm
os: linux
Location: Sheffield, England
Contact:

Re: Web of Trust

Post by John Kenney »

I was thinking it'd need a new command or two adding to namecoind to achieve this.

Jeremy Rand suggested to me yesterday that it could possibly be done in a new name space, without any core changes. I'm not sure every feature I want could work like that, but the main feature should be possible. It'd be an easy start for testing at least, so I'd like to make a start on that.

phelix
Posts: 1634
Joined: Thu Aug 18, 2011 6:59 am

Re: Web of Trust

Post by phelix »

Great!

You might want to check out this thread and the link to nanotube's paper:
http://forum.namecoin.info/viewtopic.php?f=5&t=1522

I think it would be best to link d/ or id/ names to wot/ names so that we don't get the wot/ namespace squatted (wot/ namespace names should be without value).

Check out NMControl - it includes the base for a httpGUI and might be a good starting point in general as it can make use of plugins.
nx.bit - some namecoin stats
nf.bit - shortcut to this forum

John Kenney
Posts: 94
Joined: Sat Mar 29, 2014 2:20 pm
os: linux
Location: Sheffield, England
Contact:

Re: Web of Trust

Post by John Kenney »

My idea is a little different to nanotube's, I just want to validate each piece of data stored & assign a value for how likely it is to be accurate, rather than create a reputation system for how trustworthy people are in OTC trades. There is some crossover, maybe other keys could be added to id/ for reputation later once the scoring/voting system is sorted out for simpler things like validating email addresses.

Jeremy suggested using ver/ (for verification), I'm not too concerned over the name of the namespace, but he said the format could be...

ver/[namespace]/[name]/[nonce]

Possibly the [nonce] could be replaced with an id from id/ to make it non-anonymous, so verifiers could be tracked. This could make attacks easier to detect & mitigate, votes could be weighted in client software depending on who voted & their past history.

phelix
Posts: 1634
Joined: Thu Aug 18, 2011 6:59 am

Re: Web of Trust

Post by phelix »

Hmm, is there any particular reason why you want to split trust in people (nodes) and data pieces? It sounds like much more work and blockchain bloat.
nx.bit - some namecoin stats
nf.bit - shortcut to this forum

John Kenney
Posts: 94
Joined: Sat Mar 29, 2014 2:20 pm
os: linux
Location: Sheffield, England
Contact:

Re: Web of Trust

Post by John Kenney »

phelix wrote:Hmm, is there any particular reason why you want to split trust in people (nodes) and data pieces? It sounds like much more work and blockchain bloat.
I'm not sure where you got that idea from. I want to have individual trust metrics for each separate piece of data stored, a generic mechanism that can be applied to anything. It could be verifying an email address belongs to the owner of an id, that a .bit address resolves to a working site & verify the verifiers too - 'this verifier makes accurate verifications', later the same mechanism could be used for wider reputation - 'this website wont try to harm your computer', 'this person is an honest trader', etc, they'd just need another key stored which could be verified. I just want to concentrate on what should be easily verifiable facts first.

Verifying the verifiers is a natural progression of web of trust, to help against the obvious problems in over simplified WoT systems that you see on popular websites, like Sybil attacks. It'll allow vote weighting & give the verifier a transparent reputation to try to build and keep.

If we have each verification linked to an id then it helps against blockchain bloat, rather than having every verification stored with a random nonce, it'd make it easier for people to update their verification rather than having bad software spamming multiple verifications. It'd make it easier to detect attacks. We'd just need a boolean value added to id/ that would get it's own trust metric in wot/

John Kenney
Posts: 94
Joined: Sat Mar 29, 2014 2:20 pm
os: linux
Location: Sheffield, England
Contact:

Re: Web of Trust

Post by John Kenney »

I want something like

wot/[namespace]/[name]/[verifier id]

but the verifier id needs to be enforced somehow so that people can't fake other's verifier id.

This would allow a weighted voting system, based on the weight the verifier gives their vote & the weight given to the verifier based on their past verifications. It'd help to combat verification spam.

If it was totally anonymous verifications I think it'd invite spammers to spam thousands of verifications for their own names.

It should be easy to query what verifications a verifier has made, as well as all the verifications for each name.

phelix
Posts: 1634
Joined: Thu Aug 18, 2011 6:59 am

Re: Web of Trust

Post by phelix »

John Kenney wrote:I want something like

wot/[namespace]/[name]/[verifier id]

but the verifier id needs to be enforced somehow so that people can't fake other's verifier id.

This would allow a weighted voting system, based on the weight the verifier gives their vote & the weight given to the verifier based on their past verifications. It'd help to combat verification spam.

If it was totally anonymous verifications I think it'd invite spammers to spam thousands of verifications for their own names.

It should be easy to query what verifications a verifier has made, as well as all the verifications for each name.
It might be possible to do something like that with signatures.

But why not simply crosslink / cross reference the wot nodes and then find a path from you to some other node?
nx.bit - some namecoin stats
nf.bit - shortcut to this forum

John Kenney
Posts: 94
Joined: Sat Mar 29, 2014 2:20 pm
os: linux
Location: Sheffield, England
Contact:

Re: Web of Trust

Post by John Kenney »

Jeremy also suggested using signatures & the signer field in id, along with a nonce value in the wot name. I think that's probably how it'll have to be done.

I'm not sure what you're talking about with wot nodes, please explain.

phelix
Posts: 1634
Joined: Thu Aug 18, 2011 6:59 am

Re: Web of Trust

Post by phelix »

John Kenney wrote:Jeremy also suggested using signatures & the signer field in id, along with a nonce value in the wot name. I think that's probably how it'll have to be done.

I'm not sure what you're talking about with wot nodes, please explain.
wot0: "wot1 is me"
wot1: "wot0 is me"
--> wot0 and wot1 are linked.
nx.bit - some namecoin stats
nf.bit - shortcut to this forum

Post Reply