On Tue, Nov 18, 2014 at 5:11 PM, John-Mark Gurney <[email protected]> wrote:
> > Empirically, the key exists, and it is verifiable, without consulting > > keybase, that at certain points in time the corresponding private key was > > in the control of some entity that also controlled certain > > Twitter/Reddit/GitHub accounts. > > Can you always delete that proof assertion for related services? and > is it a fatal error for that proof not to be present? i.e. prevent > someone from using a compromised key? > The assertions are Tweets and gists and DNS TXT records and text files at Web server roots. In this world there’s no guarantee of “always”, but AFAIK they can all be deleted, yes. There’s no such thing as a “fatal error”; it’s more of a statistical process. Someone deciding as to whether or not they should trust a key can go and look at the evidence: “On June 11, the owner of that key controlled Twitter account @a and that domain a.org. Is that enough to convince me?” The answer is highly situational, depending on who you are and who you think your adversaries might be. It might be perfectly reasonable to ask someone to refresh a proof if it’s a little too old and you’d like some more reassurance. > > -- > John-Mark Gurney Voice: +1 415 225 5579 > > "All that I will do, has been done, All that I have, has not." > -- - Tim Bray (If you’d like to send me a private message, see https://keybase.io/timbray)
_______________________________________________ Messaging mailing list [email protected] https://moderncrypto.org/mailman/listinfo/messaging
