Revision [2224]
This is an old revision of WebOfTrust made by BrianKoontz on 2010-12-12 03:07:55.
Establishing a "web of trust" for OpenNIC servers
There is currently no way to determine the integrity of an OpenNIC server other than through interpersonal relationships, or knowledge of the OpenNIC principals that hold a high level of trust in the OpenNIC community. With the influx of people volunteering their services to run Tier 2 servers, it is becoming difficult to keep up with which servers are trusted, and which are untrusted. ("Untrusted" in this sense doesn't mean "not trusted," but rather "not enough information available to trust".) New members often ask how they know a certain Tier 2 server can be "trusted." There is probably not a deterministic answer to this. However, I believe we can use and leverage off the "web of trust" model that GPG uses to determine the level of trust one might give to a particular user's public key (i.e., "How sure am I that this key actually belongs to the user I think it belongs to?").
Before I go further, a disclaimer: I am not a cryptographer, nor am I an expert in public key infrastructure. That said, I do read a lot on the topic, and implement several levels of encryption in my own activities, so I encourage you to do the same. This is not a GPG or PKI primer. There are folks much more knowledgeable than I who have written some very good how-tos on this topic. A good place to start would be The GNU Privacy Handbook.
