[messaging] twitter and github as key validators [was: Re: key validation rules for today]

Mike Hearn mike at plan99.net
Mon Oct 13 11:59:30 PDT 2014


Hey KB,

I'm just replying to ensure people see your message, which was spamfoldered
by Gmail. Yahoo and mailman don't mix these days because Yahoo has a strict
DMARC policy and mailman breaks email signatures (oh the irony).

On Thu, Sep 18, 2014 at 6:52 PM, KB Sriram <mail_kb at yahoo.com> wrote:

> Would adding the profile url as a uid on the key (in addition to
> publishing the fingerprint on the corresponding social media site)
> permit better corroborative evidence that the same person controls the
> key as well as the social media account?
>
> A client could then search keys by profile url, and select keys with
> the profile on the key as well as a matching fingerprint on the
> profile web site. It can run entirely on the client using existing
> keyservers and social profile web sites, and doesn't rely on a new
> service.
>
> I've created a small client tool that does just this at
> https://github.com/kbsriram/keypan
>
> It isn't solo key validation by any means, but it is simple and would
> provide similar corroborative profile evidence that keybase.io offers
> [ie, someone who controls key K can publish to social account S]
> but without the complication of a separate service.
>
> This technique also has some handy secondary effects:
>
> - People can find your key by your social profile using existing (and
>   distributed) keyservers.
> - Should you want, it's an easy way to consolidate your social
>   personas via the key.
>
> -kb
>
> _______________________________________________
> Messaging mailing list
> Messaging at moderncrypto.org
> https://moderncrypto.org/mailman/listinfo/messaging
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20141013/6eac39d8/attachment.html>


More information about the Messaging mailing list