So here’s a hot take: we keep building Blockchain systems to replace trust, but the problem isn’t that we don’t have enough trust - it’s that we have too much and we trust the wrong people.
Proposed solution? Stop trusting people on the Internet. You have the pieces to build individual trust relationships manually - stop being lazy.
@irl no - that’s a somewhat naive system for getting other people to tell you which long-lived keys to trust. Signal’s model is good - giving people the tools to trust a device and letting them choose whether and how to do that.
@grimmware @irl i have literally never verified a signal key. it's way too messy. you either trust a person to manage their keys well or you don't. there's no way around this.
@irl I have! The great thing with ephemeral keys is you don’t *have* to trust a person to manage them well, especially with the kind of forward secrecy guarantees that the Signal protocol has.
With GPG you have to trust that a person will store their key safely, notice if it gets compromised, still have their revocation key and remember *yourself* to look for revocations regularly.
@irl (this sounds like I’m trying to school you but I’m not, I am interested in your opinion on this, I just always sound like I’m shouting on the internet)
@grimmware open helps with building trust so yes offline is good. But maybe we should also #reboot the #openweb :)
@grimmware So GPG web of trust then?