

Ask HN: Social sites should add field for public signatures in profiles - dorfsmay

TL;DR:<p>&quot;Social Websites&quot; should add fields for public crypto keys such as GPG.<p>Problems:<p><pre><code>  * no easy way to communicate securely with random people on the internet.

  * PGP, GPG etc... rely on people signing each others&#x27; keys, which doesn&#x27;t work if there is no &quot;network overlap&quot; between you and the person you want to communicate with.

  * there are public listings of keys, but anybody can publish a fake key, that is why you are supposed to rely on key siging (and remove old keys). e.g.: These are obviously not all RMS&#x27;:  http:&#x2F;&#x2F;pgp.mit.edu&#x2F;pks&#x2F;lookup?search=richard+stallman

  * in 2015, alt&#x2F;internet identities are sometimes as important, if not more, than real human identities. I don&#x27;t care who&#x27;s behind a github repo, still I might need to communicate securely to them about a security hole in their code.

  * it&#x27;s a big world, I often want to communicate with people I have never met and with whom I have no &quot;network overlap&quot;.

  * existing attempts at solutions obviously aren&#x27;t working. I have invited all my friends, their dogs, and their cats to https:&#x2F;&#x2F;keybase.io, less than a handful have added their key to it.
</code></pre>
Solution:<p>&quot;social websites&quot; should add fields for PGP&#x2F;GPG and other crypto public signatures. Any website that has user ids that are now considered as internet identity should add these, so HN, reddit, twitter, lobste.rs, linkedin, google plus, facebook etc...<p>Some already allow for ssh public keys (e.g.: https:&#x2F;&#x2F;api.github.com&#x2F;users&#x2F;dorfsmay&#x2F;keys, and you cannot encrypt a message larger than the key with an ssh public key in case you wondered), why not add other keys? This should be simple.
======
detaro
First question that comes to mind: if people don't use keybase.io, why would
you think that they'll use and update dedicated fields on each website?

(I agree, direct support instead of going over a central page would be nice,
but I don't think it would do much to fix adoption)

