[messaging] Looking up public keys on public sites (was Re: Keybase Chat)

Trevor Perrin trevp at trevp.net
Thu Feb 9 15:47:58 PST 2017

On Wed, Feb 8, 2017 at 1:25 PM, Jack O'Connor <oconnor663 at gmail.com> wrote:
> We at Keybase announced our encrypted chat application today. We'd
> love to hear feedback.
> https://keybase.io/blog/keybase-chat
> https://keybase.io/docs/crypto/chat

Thanks Jack, lots of interesting things here.

One question about Keybase authentication:

As I understand it, the main idea is that users can publish a
statement about their public key on various sites (Twitter, Facebook,
Github, Hackernews, Reddit, their website), and Keybase can automate
the process of looking up these statements.  I.e., I can ask my client
"what is alice at twitter's public key", and it can figure out the

To do that it's tackling several problems:

 (1) Discovery:  Alice has a lot of tweets, how does my client know
which one contains a statement about her public key?

 (2) Recency: Alice might have tweeted about her public key multiple
times, how do I find the latest statement?

 (3) Binding: How do I know Alice isn't publishing a statement about
someone else's public key?

 (4) Size: If the statement is too large to fit into a Tweet, where is
it stored?

I think Keybase's answers are:

  (1) Keybase runs a server, so I ask the server to point me at
Alice's latest tweet

  (2) I'm less clear on this, isn't there some public log where I can
check that I'm seeing the latest info?

  (3) The published statement includes a signature by Alice's key over
the relevant username

  (4) If this published statement is too large, it can be stored at
Keybase, and Alice just tweets a hash plus URL.

That all makes sense but depends on a bunch of infrastructure (i.e.
Keybase, and whatever transparency log you are using).

I wonder how far you could solve (1) and (2) just by standardizing a
"well-known process" for retrieving public key info at various sites.
For example:

 - Twitter = pinned tweet, retrieving party just searches through pinned tweets
 - Github = gist with well-known filename, retrieving party just
searches for the filename
 - Website = well-known URL (i.e. under "./well-known/")
 - Facebook = already has a field for PGP public keys
 - Hackernews = embed in profile text (same as Keybase is currently doing?)
 - Reddit = not sure!

Issue (4) seems somewhat a result of Keybase's decision on issue (3).
I.e. if you just published a public-key fingerprint instead of
signatures, then size would be less of an issue and you'd have compact
statements that were easier to fit into Tweets, profile text, etc.

That would not prevent Alice from publishing someone else's
fingerprints, which is perhaps an "unknown key share" or "identity
misbinding" situation.  I wonder how much of a problem that really is
here, though, and whether it's worth the complexities that this adds?


More information about the Messaging mailing list