[messaging] twitter and github as key validators [was: Re: key validation rules for today]

Tim Bray tbray at textuality.com
Tue Sep 9 15:00:14 PDT 2014

Well, you mentioned UX; by coincidence, that’s what I’m working on.  I’m
doing some work on OpenKeychain, a key/crypto manager app for Android.  I’m
adding a “cloud search” tab that searches the existing keyserver network
and Keybase, in parallel.  If I search for “Tim Bray” I get
https://www.tbray.org/tmp/tb-keys.png - two of the keys are from
keyservers, one from Keybase.  Not all are for me.

Maybe more interesting, if I check for “Dominik Schürmann” I get
https://www.tbray.org/tmp/ds-keys.png - it’s searched both sides, found the
same key in both places, and merged the ancillary information.

This isn’t quite released yet: My next work is to allow the Android user to
double-check the proofs.

I hasten to add: We’re making this up as we go along. If you think you see
something terribly wrong, you probably do.

Also: To anyone curious about keybase,  I have tons of invites.

On Tue, Sep 9, 2014 at 2:35 PM, Tony Arcieri <bascule at gmail.com> wrote:

> On Tue, Sep 9, 2014 at 2:18 PM, Daniel Kahn Gillmor <dkg at fifthhorseman.net
> > wrote:
>> I'm not convinced that's what is novel about keybase.io, but i do think
>> it's tricky to put your finger on what exactly keybase.io is offering
>> that people find appealing.
> I'm confused as well. Perhaps it's simply their visual design.
> I think Keybase is in some sort of uncanny valley where it makes the PGP
> experience prettier but not necessarily that much easier, especially for
> novice users. As soon as you ask people to download and install a
> command-line utility you've just lost most of the human population.
> That said, the UX of existing keyservers is horrendous. For technical
> users, I think Keybase does improve aspects of keyserver UX.
> This is, again, why I'm more excited about systems in which a user's
> service provider publishes keys on their behalf, provided there are checks
> in place to help people detect if the key directory is being dishonest
> about their key. These systems seem like they can be mostly transparent for
> your average, non-technical user, which is the main thing I think is needed
> right now.
> --
> Tony Arcieri

- Tim Bray (If you’d like to send me a private message, see
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20140909/b5c6efed/attachment.html>

More information about the Messaging mailing list