[Cryptography] keybase.io
ianG
iang at iang.org
Sat Jan 3 11:33:12 EST 2015
On 2/01/2015 17:30 pm, Randy Bush wrote:
> i am trying to understand keybase.io (yes, clearly i have too much free
> time on my hands)
>
> my tentative conclusion, it leverages my pgp credential to attest to
> other identities, e.g. domain control, bitcoin, ...
OK.
> but do you care if i control a domain or a bitcoin account? i could pgp
> sign a message attesting "my bitcoin id is ..."
>
> what is more amusing is that the three things for which i publish
> pgp signed attestation (see https://psg.com) are not covered
> o my OTR keys for xmpp
> o my root x.509 CA cert
> o the ssh fingerprints of critical hosts
>
> a friend said
>
>> having a way to authenticate together the online identities of folks
>> could be useful.
>
> to the nsa, yes.
Yes. SO one essential feature should be the ability to form these
relationships without broadcasting the info. But, due to success of
open ledger in blockchain, etc, and past successes from social networks,
the idea of publishing everything is very much in vogue right now.
> but how is it useful to the users? e.g. i do not see
> a way to leverage it to solve the "first date problem," key exchange
> with a new remote friend.
The presumption is that knowing someone's identity allows you to trust
them. This is famously leveraged to promote a little thing called SSL
and certificates, which "knowing" leads to trust in online commerce
leads to wealth & riches for some.
The world at Bitcoin large is also trying to figure out this little
thing called online commerce. In general, the presumption "knowing is
trust" is also being bandied about there.
There are two flaws here. One is "knowing what?" As you discover
above, for the "what" to be intelligent there needs to be a unified
system. This is a challenge for mainstream Bitcoin as it isn't actually
set up for the unification; hence all sorts of add-on startyps that
allow one piece of the puzzle to be collected in the hope that others
will accept that one piece belongs there.
There are more and better ideas at the Bitcoin 2.0 players: Ethereum et
al have included these ideas inside their scope, so the hope there is
that the tool can be seamlessly used for (eg) online commerce and other
apps yet to be conceived.
The second great flaw is "what happens when something goes wrong?" Which
never got answered in the past. If you're interested, I can wax on for
days on how to that, show you the blueprints, sell you my t-shirt, etc.
But, for most people at most times and for most Bitcoin startups and
most online commerce people and most participants in the old "trust
business", it suffices to say "it'll never happen to me, you're a loony,
pass on please."
> clue bat, please.
I'm sorry. Would a nerf ball suffice?
iang
More information about the cryptography
mailing list