Good question! There will be no such thing as a general check, because -- for any identity -- the client software has to perform a check that a human would agree means something. For example, what does it mean that you own a certain blog? How would a person confirm it? Well, at first glance it might mean that you have the power to post a message there. But someone else could do that in a comment, and so that wouldn't work with Keybase. So any given identity check has to match some human definition of what it means to have that identity. And it has to be publicly auditable.
With twitter, it's the ability to post a tweet under a certain username. With owning a tumblr account, it might be something similar. With your known StackExchange profile it might mean posting a statement in a specific part of your profile. And so on.
The common thread in each case is (1) that you post in a place where only your identity can, and (2) what you post is a signed statement claiming a connection among three things: (a) your keybase username, (b) your public key, and (c) the identity on that third party service. (The third one is necessary so it can't be moved elsewhere.) Note how twitter and github's are totally different, but achieve these three things.
We will build out this list of identity checks, hopefully making all kinds of them easy to do. Everything from proving you own a domain to having a tumblr or reddit account. The definition of those checks will all be publicly reviewable, both in the spec and in the client, which is what checks them for you.
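The check described in the comment above, sketched as an added example; it is not part of the original thread and is not Keybase's client code or proof format. It assumes an Ed25519 key in place of a PGP key, a hypothetical JSON statement layout, and constructed account names, and it shows why the statement must name the third-party identity: the same signed blob copied to another account is rejected.

```go
package main

import (
	"crypto/ed25519"
	"encoding/hex"
	"encoding/json"
	"fmt"
)

// Statement is a hypothetical proof body (assumed layout, not Keybase's real format).
type Statement struct {
	KeybaseUser string `json:"keybase_user"`
	PublicKey   string `json:"public_key"` // hex-encoded Ed25519 public key
	Service     string `json:"service"`
	RemoteUser  string `json:"remote_user"`
}

// verifyProof checks a signed statement that was fetched from the account
// (service, remoteUser), i.e. from a place only that account can post to.
func verifyProof(body, sig []byte, pub ed25519.PublicKey, kbUser, service, remoteUser string) error {
	if !ed25519.Verify(pub, body, sig) {
		return fmt.Errorf("bad signature")
	}
	var s Statement
	if err := json.Unmarshal(body, &s); err != nil {
		return err
	}
	// (a) and (b): the statement must name this keybase user and this key.
	if s.KeybaseUser != kbUser || s.PublicKey != hex.EncodeToString(pub) {
		return fmt.Errorf("statement names a different user or key")
	}
	// (c): it must name the account it was found on, so it cannot be moved.
	if s.Service != service || s.RemoteUser != remoteUser {
		return fmt.Errorf("statement is for %s/%s, found at %s/%s", s.Service, s.RemoteUser, service, remoteUser)
	}
	return nil
}

// runDemo signs one constructed statement and verifies it at two locations:
// the account it names, and a different account it was copied to.
func runDemo() (atOwnAccount, movedElsewhere error) {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	body, _ := json.Marshal(Statement{"maria", hex.EncodeToString(pub), "twitter", "maria_t"})
	sig := ed25519.Sign(priv, body)
	atOwnAccount = verifyProof(body, sig, pub, "maria", "twitter", "maria_t")
	movedElsewhere = verifyProof(body, sig, pub, "maria", "twitter", "mallory_t")
	return
}

func main() { fmt.Println(runDemo()) }
```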
Seems like you could get around that with a meta tag on the claimed site? Meta tags are basically never commenter-editable, and are usually owner-editable, they're basically a perfect fit for this. Alternatively there's a site/.well-known/keybase style URL (I have no idea what the best-practices are for .well-known. Personally I prefer meta tags.)
Obviously Twitter isn't likely to implement either of those, so some high-value custom implementations are still great. But if Maria owns maria.com and can assert it automatically, that's pretty strong supporting evidence.
Well, to follow up, could this be extended to ownership of a domain (via DNS txt record)? Could we use this as a means of authentication of a self-signed certificate for a domain?
Yes to DNS, though we have to be careful here since DNS can be spoofed more easily than github or twitter proofs over https. I was thinking a slightly better way to prove ownership of foo.com would be to post a proof at https://foo.com/_keybase (or something similar). To spoof this, an attacker would have to spoof DNS and also the https certificate.
Authenticating a self-signed domain certificate via keybase is a neat idea, but would probably need some browser support, unless there's a clever hack that I'm not thinking of.
It will automatically look up my PGP key in the DNS, fetch it, and encrypt to it. My DNS is secured using DNSSEC so if your resolver supports DNSSEC, you can be reasonably sure that the response is trustable.
Well if an attacker is successfully spoofing DNS, she can spoof MX records, thus getting emails for the domain, which is the only precondition on acquiring a certificate. You're obviously adding more complexity, but security-wise it doesn't change much.