[messaging] twitter and github as key validators [was: Re: key validation rules for today]

KB Sriram mail_kb at yahoo.com
Thu Sep 18 09:52:16 PDT 2014

Would adding the profile url as a uid on the key (in addition to
publishing the fingerprint on the corresponding social media site)
permit better corroborative evidence that the same person controls the
key as well as the social media account?

A client could then search keys by profile url, and select keys with
the profile on the key as well as a matching fingerprint on the
profile web site. It can run entirely on the client using existing
keyservers and social profile web sites, and doesn't rely on a new

I've created a small client tool that does just this at

It isn't solo key validation by any means, but it is simple and would
provide similar corroborative profile evidence that keybase.io offers
[ie, someone who controls key K can publish to social account S]
but without the complication of a separate service.

This technique also has some handy secondary effects:

- People can find your key by your social profile using existing (and
  distributed) keyservers.
- Should you want, it's an easy way to consolidate your social
  personas via the key.


More information about the Messaging mailing list