[messaging] WhatsApp & OWS team up

[Tim Bray]

On Tue, Nov 18, 2014 at 5:11 PM, John-Mark Gurney <jmg at funkthat.com> wrote:


> > Empirically, the key exists, and it is verifiable, without consulting
> > keybase, that at certain points in time the corresponding private key was
> > in the control  of some entity that also controlled certain
> > Twitter/Reddit/GitHub accounts.
>
> Can you always delete that proof assertion for related services? and
> is it a fatal error for that proof not to be present?  i.e. prevent
> someone from using a compromised key?
>

​The assertions are Tweets and gists and DNS TXT records and text files at
Web server roots.  In this world there’s no guarantee of “always”, but
AFAIK​ they can all be deleted, yes.  There’s no such thing as a “fatal
error”; it’s more of a statistical process.  Someone deciding as to whether
or not they should trust a key can go and look at the evidence: “On June
11, the owner of that key controlled Twitter account @a and that domain
a.org.  Is that enough to convince me?”  The answer is highly situational,
depending on who you are and who you think your adversaries might be.  It
might be perfectly reasonable to ask someone to refresh a proof if it’s a
little too old and you’d like some more reassurance.




>
> --
>   John-Mark Gurney                              Voice: +1 415 225 5579
>
>      "All that I will do, has been done, All that I have, has not."
>



-- 
- Tim Bray (If you’d like to send me a private message, see
https://keybase.io/timbray)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20141118/d8435d0c/attachment.html>