On Fri, Feb 10, 2017 at 11:49 AM, Jack O'Connor <oconnor...@gmail.com> wrote: >> (1) Keybase runs a server, so I ask the server to point me at >> Alice's latest tweet > > Yes. That saves clients from having to do discovery work, and also > gives us some options if e.g. Twitter changes something about their > URLs.
Makes sense. On the other hand, the discovery work for finding a pinned Tweet with special text (or a specially-named gist, or a well-known URL on a website) seems manageable. And if publishing public-key info like this becomes successful you would hope sites explicitly support it (e.g. like Facebook for PGP), so discovery becomes easier over time. Maybe all 3rd-party sites can't provide "statement present" and "most recent statement" guarantees, but for sites that can, the Keybase client could provide stronger assurances. > By asserting her entire sigchain in each identity proof, rather than > just one of her public keys, Alice can have many different keys on her > account without needing 3rd party proofs for each of them. She can > also completely rotate her set of keys, without updating any of her > public proofs. Note sure I follow. If the "identity proof" was just a public key fingerprint, Alice could still use that key to sign other public keys, right, and publish those signatures to Keybase? Keybase wants Alice to have different public keys for different devices, and to evolve her active set of public keys by signing new ones (and signing revocations about old ones, I guess?), and also to sign bindings for 3rd-party usernames (Twitter handles, etc). I'm wondering whether all that could be built on top of a simple mechanism that just published some public-key fingerprint to a site? For example, if it was a convention for Alice to pin a tweet: "Here is latest my public key info for <application>: <public_key_fingerprint>", would that give you everything you need? Trevor _______________________________________________ Messaging mailing list Messaging@moderncrypto.org https://moderncrypto.org/mailman/listinfo/messaging
