[Cryptography] keybase.io

Randy Bush randy at psg.com
Fri Jan 2 12:30:01 EST 2015

i am trying to understand keybase.io (yes, clearly i have too much free
time on my hands)

my tentative conclusion, it leverages my pgp credential to attest to
other identities, e.g. domain control, bitcoin, ...

but do you care if i control a domain or a bitcoin account?  i could pgp
sign a message attesting "my bitcoin id is ..."

what is more amusing is that the three things for which i publish
pgp signed attestation (see https://psg.com) are not covered
  o my OTR keys for xmpp
  o my root x.509 CA cert
  o the ssh fingerprints of critical hosts

a friend said

> having a way to authenticate together the online identities of folks
> could be useful.

to the nsa, yes.  but how is it useful to the users?  e.g. i do not see
a way to leverage it to solve the "first date problem," key exchange
with a new remote friend.

clue bat, please.


More information about the cryptography mailing list