[messaging] twitter and github as key validators [was: Re: key validation rules for today]
meskio at sindominio.net
Tue Sep 9 13:00:12 PDT 2014
Quoting Tim Bray (2014-09-09 11:48:10)
> On Tue, Sep 9, 2014 at 9:35 AM, Daniel Kahn Gillmor <dkg at fifthhorseman.net>
> I'm afraid i don't understand the argument here. What is the use case
> 0) something is published on twitter account "foo" and i want to know
> to whom to attribute authorship.
> 1) i regularly communicate with "foo" on twitter, and i want to know
> how to communicate with the author in other communications channels.
> 2) You want to communicate with me, Tim Bray, and go looking for a key for me.
> You discover that there is a directory of keys, and you can retrieve a public
> key from it, and the corresponding private key has been used to sign a
> time-stamped tweet from @timbray and gist from github/timbray and an assertion
> at tbray.org, and because you know who I am on Twitter and github and what my
> personal domain is, and you can check the signatures, you are prepared to
> believe that that public key is appropriate for communication with me.
Yes, but I don't have any way to audit twitter or github. As dkg is mentioning
in his email you are putting them in the role of a CA without their consent.
Ruben Pollan | http://meskio.net/
My contact info: http://meskio.net/crypto.txt
Nos vamos a Croatan.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 819 bytes
More information about the Messaging