[messaging] twitter and github as key validators [was: Re: key validation rules for today]

Tim Bray tbray at textuality.com
Tue Sep 9 09:48:10 PDT 2014

On Tue, Sep 9, 2014 at 9:35 AM, Daniel Kahn Gillmor <dkg at fifthhorseman.net>

> I'm afraid i don't understand the argument here.  What is the use case
> here?
>  0) something is published on twitter account "foo" and i want to know
> to whom to attribute authorship.
>  1) i regularly communicate with "foo" on twitter, and i want to know
> how to communicate with the author in other communications channels.

2) ​You want to communicate with me, Tim Bray, and go looking for a key for
me.  You discover that there is a directory of keys, and you can retrieve a
public key from it, and the corresponding private key has been used to sign
a time-stamped tweet from @timbray and gist from github/timbray and an
assertion at tbray.org, and because you know who I am on Twitter and github
and what my personal domain is, and you can check the signatures, you are
prepared to believe that that public key is appropriate for communication
with me.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20140909/aefab459/attachment.html>

More information about the Messaging mailing list