> > > > Are there any current plans to integrate Keybase.io into GnuPG at some > > point in the future? > > (ObWarning: I am not a GnuPG developer.) > > I think this is unlikely to occur. Werner's spoken out pretty strongly > against the keybase.io model, which relies heavily on social media outlets > like Facebook to provide confidence in an identity. However, few people in > the privacy community like or trust Facebook, which makes relying on > something like keybase.io problematic -- it looks too much like GnuPG is > encouraging the use of a platform (FB) that it's philosophically opposed > to. >
I think you are operating under some assumptions about Keybase that are not entirely accurate. Contrary to what you state, Keybase.io does not support Facebook as a proof destination. https://github.com/keybase/keybase-issues/issues/518 I have a pretty complete Keybase profile if you are interested to see the services they *do* currently support. Please note that many of these are not social networking platforms but also domains, DNS records, and Bitcoin accounts that I control. https://keybase.io/grempe > The counterargument is that keybase.io works just fine with several other > back-ends which are more respecting of privacy -- and if a user wishes to > trust FB, why should GnuPG refuse to honor that user's choice? True. Keybase supports a number of ways to hosts proofs currently. I imagine they will add more as they mature for those sites that can meet the requirements for hosting a proof that is public and can only be controlled by a single user. This not only allows you to find public keys for a person, but to authenticate that a person who claims to control the account on site A is provably the same person who claims to control an account on site B or a certain GPG key. You can also host proofs on your own domain as a static signed file or as a DNS record. Here is an example where I demonstrate that I control my personal website: https://www.rempe.us/keybase.txt You can learn a bit more about this here: https://keybase.io/docs/server_security/following Please also note that for most of the last year Keybase is in the midst of a transition away from using GPG keys as the primary identifier and the primary way of signing proofs. They have already moved to a model where NaCl keypairs are used to identify various devices the user controls, and then the user can sign proofs on various services with those NaCl keys. You can still add one, or more, GPG keys into this mix. https://keybase.io/blog/keybase-new-key-model Keybase is creating a form of the Web of Trust, but it does not rely on, or even require at all, GPG keys or the use of social networking services. Facebook is not supported at all.
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
