I'm increasingly convinced that decentralized identity and Web of Trust are the next big things after Bitcoin. What are the best resources for learning more about Web of Trust? Particularly applied to Nostr. Bounty below :)

https://stacker.news/items/462221

Discussion

Even better, who’s experimenting with building a Nostr WoT right now?

Coracle

wikifreedia.xyz

This seems like a hype topic, maybe you might be interested in this

https://pgf.tech/

Yea this is awesome! Thanks 🙏

WoT is an old old thing. There's lots to do and a universe of opportunity.

So much has been said about the web of trust for the past 30 years, where do I even begin? I expect you've read the Wikipedia article and are familiar with PGP key signing parties. If not, start there.

Material from the 90s is outstanding on this topic, though hard to find with modern search engines, which prefer new content to old. Also, much of it was never on the internet, and that which was often appeared on sites that are long gone. I did a quick search of 2600 and phrack and didn't come up with anything, but I expect this is a search failure, not a failure of those publications to carry such content. The closest I found was this https://store.2600.com/products/hope-number-six-2006-breaking-down-the-web-of-trust-download

Hal Finney wrote a little piece on the topic https://nakamotoinstitute.org/library/pgp-web-of-trust-misconceptions

The W3C has their decentralized identifiers (DID), which actually looked pretty good when I briefly looked into them. https://www.w3.org/TR/did-core/

You should also be aware of what the skeptics and critics are saying.

HOPE 2020 - A Death Blow to the Web of Trust https://infocon.org/cons/2600/HOPE%202020%20(2020)/

There's an argument that the WoT both tries to break free from reliance on the government but also depends on the government. I don't agree with this, but it's absolutely something you should be aware of. https://link.springer.com/chapter/10.1007/978-3-031-10183-0_4

If you want to go beyond the basics, there's lots of material on roots of trust, some of which are in hardware, and the problems with said hardware. FWIW, the web of trust never went away. It's been used in many systems since **at least** the mid 90s. A good search term is PKI or public key infrastructure, perhaps combined with the buzzwords "zero trust".

If I come across any of the older materials, I'll point you to them. If you have any questions about trust models, threat models, PKI, or cryptography in general, post 'em and tag me and I'll help you out.

Excellent response! Thank you for the rabbit holes 🙏

Feel free to follow me too. These are things I find fun and so they come up in my posts from time to time. 🙂

Thanks for this! Going to do some diving of my own 🧑‍🔬🧑‍💻

I've seen some people talk about being spoofed on Nostr. Someone copies their name, profile picture, and perhaps bio, but of course they have a different key and thus a different npub.

I don't really have a solution to this, but if you wanted to see how people made sure they were talking to who they thought they were talking to (without trusting any centralized website), here's how it was done in the past.

https://infocon.org/cons/ROOTCON/ROOTCON%204%202010/ROOTCON%204%20-%20PGP%20Key%20Signing%20Party.pdf

I use who I follow on nostr as a sort of web of trust. I am trusting them to post things that are interesting, informative, thought provoking or some other quality I might want a post to have for me to consider it "good". If they post some racist nonsense, I revoke that by unfollowing them. If they boost junk like that I can block the poster and eventually unfollow the booster if they're a repeat offender.

So in my mind, we kinda already have the WoT on #nostr, and to be honest, all social media.
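
An added example, not part of the thread and not taken from any Nostr client: it combines the two ideas above, using follow lists (kind 3 events, NIP-02) as the web of trust and flagging profiles (kind 0 events) that reuse a name from inside that web under a key outside it. The events, the shortened pubkeys and the function names are constructed for illustration, and the code assumes event signatures were already verified.

```python
import json
from collections import deque

# Constructed sample events (real pubkeys are 32-byte hex strings).
ME = "aa01"
EVENTS = [
    # kind 3 = follow list: each "p" tag names a followed pubkey
    {"kind": 3, "pubkey": "aa01", "tags": [["p", "bb02"], ["p", "cc03"]]},
    {"kind": 3, "pubkey": "bb02", "tags": [["p", "dd04"]]},
    {"kind": 3, "pubkey": "ee05", "tags": [["p", "ff06"]]},
    # kind 0 = profile metadata: content is a JSON string
    {"kind": 0, "pubkey": "dd04", "content": json.dumps({"name": "alice"})},
    {"kind": 0, "pubkey": "ff06", "content": json.dumps({"name": "Alice "})},
    {"kind": 0, "pubkey": "cc03", "content": json.dumps({"name": "bob"})},
]

def follow_distances(events, root, max_hops=2):
    """Breadth-first walk of follow lists; returns {pubkey: hops from root}."""
    follows = {e["pubkey"]: [t[1] for t in e["tags"] if len(t) > 1 and t[0] == "p"]
               for e in events if e["kind"] == 3}
    dist, queue = {root: 0}, deque([root])
    while queue:
        pk = queue.popleft()
        if dist[pk] == max_hops:
            continue  # do not extend trust past the hop limit
        for nxt in follows.get(pk, []):
            if nxt not in dist:
                dist[nxt] = dist[pk] + 1
                queue.append(nxt)
    return dist

def profile_names(events):
    """Map pubkey -> normalized display name, skipping malformed metadata."""
    names = {}
    for e in events:
        if e["kind"] != 0:
            continue
        try:
            name = json.loads(e["content"]).get("name") or ""
        except (ValueError, AttributeError):
            continue
        names[e["pubkey"]] = str(name).strip().casefold()
    return names

def flag_lookalikes(events, root, max_hops=2):
    """Return (outside_pubkey, trusted_pubkey) pairs that share a display name."""
    dist, names = follow_distances(events, root, max_hops), profile_names(events)
    trusted = {n: pk for pk, n in names.items() if pk in dist and n}
    return sorted((pk, trusted[n]) for pk, n in names.items()
                  if pk not in dist and n in trusted)
```

A flagged pair is only a prompt to compare npubs by hand; a shared name alone does not prove impersonation.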