[messaging] twitter and github as key validators [was: Re: key validation rules for today]
KB Sriram
mail_kb at yahoo.com
Thu Sep 18 09:52:16 PDT 2014
Would adding the profile url as a uid on the key (in addition to
publishing the fingerprint on the corresponding social media site)
permit better corroborative evidence that the same person controls the
key as well as the social media account?
A client could then search keys by profile url, and select keys with
the profile on the key as well as a matching fingerprint on the
profile web site. It can run entirely on the client using existing
keyservers and social profile web sites, and doesn't rely on a new
service.
I've created a small client tool that does just this at
https://github.com/kbsriram/keypan
It isn't solo key validation by any means, but it is simple and would
provide similar corroborative profile evidence that keybase.io offers
[ie, someone who controls key K can publish to social account S]
but without the complication of a separate service.
This technique also has some handy secondary effects:
- People can find your key by your social profile using existing (and
distributed) keyservers.
- Should you want, it's an easy way to consolidate your social
personas via the key.
-kb
More information about the Messaging
mailing list