I need input on this suggested integration in Mastodon. I have provided a summary of what I know here:



@Gargron re: "without any cryptography":

Keybase is doing the "right thing" by designing their service so that users don't have to trust keybase servers at all -- they can verify cryptographically from another user's key(s) that a public "proof" was provided by that user.

They *could* do rel=me links, but that would mean that user('s client)s would have to trust that that link from keybase.io hadn't been tampered with.

(I'm not up to speed on the rest of their "proof integration" stuff, tho.)

@Gargron I'm not a Keybase expert, but I'm a fan. I'm keybase.io/nfnitloop if you want to chat about it. Or, pop into the `keybasefriends` team on Keybase to find lots of folks (and some employees) to help talk through stuff. :)

@NfNitLoop @gargron not having to trust keybase.io to verify is definitely an advantage.

I think there might also be threats in the check-for-a-rel=me-link in that someone might be able to insert such a link into your page (for example, if you boost someone else's toot) and posting this particular cryptographic attestation provides a specific assurance that contains the whole claim.

@npd @Gargron Exactly.

And for an idea of how hacky it is without proper integration, here's how I previously "verified" my Mastodon ID:

The proof is all manual, though, so `keybase id nfnitloop` can't automatically verify my keybase identity like it can the others.
