I need input on this suggested #Keybase integration in Mastodon. I have provided a summary of what I know here:
@Gargron re: "without any cryptography":
Keybase is doing the "right thing" by designing their service so that users don't have to trust keybase servers at all -- they can verify cryptographically from another user's key(s) that a public "proof" was provided by that user.
They *could* do rel=me links, but that would mean that user('s client)s would have to trust that that link from keybase.io hadn't been tampered with.
(I'm not up to speed on the rest of their "proof integration" stuff, tho.)
I think there might also be threats in the check-for-a-rel=me-link in that someone might be able to insert such a link into your page (for example, if you boost someone else's toot), and posting this particular cryptographic attestation provides a specific assurance that contains the whole claim.