I need input on this suggested #Keybase integration in Mastodon. I have provided a summary of what I know here:



@Gargron re: "without any cryptography":

Keybase is doing the "right thing" by designing their service so that users don't have to trust Keybase servers at all -- they can verify cryptographically from another user's key(s) that a public "proof" was provided by that user.

They *could* do rel=me links, but that would mean that user('s client)s would have to trust that that link from keybase.io hadn't been tampered with.

(I'm not up to speed on the rest of their "proof integration" stuff, tho.)


@NfNitLoop @gargron not having to trust keybase.io to verify is definitely an advantage.

I think there might also be threats in the check-for-a-rel=me-link in that someone might be able to insert such a link into your page (for example, if you boost someone else's toot) and posting this particular cryptographic attestation provides a specific assurance that contains the whole claim.

@npd @Gargron Exactly.

And for an idea of how hacky it is without proper integration, here's how I previously "verified" my Mastodon ID:

The proof is all manual, though, so `keybase id nfnitloop` can't automatically verify my keybase identity like it can the others.

@npd @Gargron Oops, I meant "verify my Mastodon identity like it can the others."
