Would adding the profile url as a uid on the key (in addition to publishing the fingerprint on the corresponding social media site) permit better corroborative evidence that the same person controls the key as well as the social media account?
A client could then search keys by profile url, and select keys with the profile on the key as well as a matching fingerprint on the profile web site. It can run entirely on the client using existing keyservers and social profile web sites, and doesn't rely on a new service. I've created a small client tool that does just this at https://github.com/kbsriram/keypan It isn't solo key validation by any means, but it is simple and would provide similar corroborative profile evidence that keybase.io offers [ie, someone who controls key K can publish to social account S] but without the complication of a separate service. This technique also has some handy secondary effects: - People can find your key by your social profile using existing (and distributed) keyservers. - Should you want, it's an easy way to consolidate your social personas via the key. -kb _______________________________________________ Messaging mailing list [email protected] https://moderncrypto.org/mailman/listinfo/messaging
