[messaging] Keybase Proofs

Maxwell Krohn themax at gmail.com
Wed Nov 19 10:39:30 PST 2014


> On Nov 19, 2014, at 1:26 PM, Tony Arcieri <bascule at gmail.com> wrote:
> 
> On Wed, Nov 19, 2014 at 10:22 AM, Tony Arcieri <bascule at gmail.com <mailto:bascule at gmail.com>> wrote:
> I was thinking more of Twitter
> 
> Specifically, why not tweet a key fingerprint and linked to a signed proof instead of tweeting a signature?

The tweeted hash is computed over the key fingerprint and the signature.

The tweet is the (truncated) SHA-256 of a PGP message.  The PGP message, once
uncompressed, has 3 packets: (1) a signature header; (2) the literal data containing
a JSON object; and (3) the signature itself.

Your PGP key fingerprint is specified in packet (2), along with other stuff about your
Keybase identity and your signature chain.

I was proposing to add the SHA-2 (or SHA-3 or Shake256) of your key fingerprint to
the JSON object in packet (2), to mitigate the SHA-1 2nd preimage attacks that you proposed.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20141119/73f26fff/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 842 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20141119/73f26fff/attachment.sig>


More information about the Messaging mailing list