[messaging] twitter and github as key validators [was: Re: key validation rules for today]
Tim Bray
tbray at textuality.com
Tue Sep 9 09:48:10 PDT 2014
On Tue, Sep 9, 2014 at 9:35 AM, Daniel Kahn Gillmor <dkg at fifthhorseman.net>
wrote:
>
> I'm afraid i don't understand the argument here. What is the use case
> here?
>
> 0) something is published on twitter account "foo" and i want to know
> to whom to attribute authorship.
>
> 1) i regularly communicate with "foo" on twitter, and i want to know
> how to communicate with the author in other communications channels.
>
2) You want to communicate with me, Tim Bray, and go looking for a key for
me. You discover that there is a directory of keys, and you can retrieve a
public key from it, and the corresponding private key has been used to sign
a time-stamped tweet from @timbray and gist from github/timbray and an
assertion at tbray.org, and because you know who I am on Twitter and github
and what my personal domain is, and you can check the signatures, you are
prepared to believe that that public key is appropriate for communication
with me.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20140909/aefab459/attachment.html>
More information about the Messaging
mailing list