Keybase uses tweets and Gists instead of bios because they are timestamped, unlike bios.
Linking in social media identities has the nice property of inheriting both reputation to an identity from the social network and making MITM attacks more difficult. Keybase's client uses these machine-readable certifications and a human-in-the-loop judgement if the social media key certifications are out of sync with the key server. Mostly this is the case because the user failed to complete a certification properly. An MITM attacker would need to compromise a target's Keybase account and a target's social media accounts to effectively MITM a user using Keybase.

On Tue, Sep 9, 2014 at 9:19 AM, Tony Arcieri <[email protected]> wrote:

> On Tue, Sep 9, 2014 at 9:05 AM, Tim Bray <[email protected]> wrote:
>
>> - If there's a publicly-accessible tweet or github gist verifiably signed
>> by the private key associated with the public key, and you’re pretty sure
>> you know who controls those Twitter/github accounts.
>
> Or: just put your key fingerprint in your Twitter/Github bio.
>
> --
> Tony Arcieri
>
> _______________________________________________
> Messaging mailing list
> [email protected]
> https://moderncrypto.org/mailman/listinfo/messaging
