
Keybase's new Proof Integration Guide - xdrixxyz
https://keybase.io/docs/proof_integration_guide
======
malgorithms
Oh, wow, this jumped the gun for us. We weren't expecting to announce this
until next week! It's also in a bit of a draft form, and we expect to improve
this integration guide as we add partners.

Keybase's view: identity on the Internet should not be just about Twitter,
Facebook, and the other superpowers. Your membership to any site might be
meaningful to other people, whether that membership is to something small like
a phpBB forum about motorcycles, or something big like LinkedIn or Etsy.
Often, the smaller the community, the more meaningful and close-knit
membership is. And the more that community might want access to secure tools
such as Keybase. If you're on the forum, you might _really_ need to reach out
to another user of that forum, securely.

It might be a good time to mention that Keybase is looking to hire an Identity
Evangelist[1]. This would be someone with a tech background (i.e., from the HN
crowd), who has great presentation skills and experience, and who wants to
help other sites and apps integrate with Keybase.

[1] [https://keybase.io/jobs#evangelist](https://keybase.io/jobs#evangelist)

~~~
eridius
Why does Keybase allow a single remote identity to link to multiple Keybase
accounts, but does not allow one Keybase account to link to multiple remote
identities (on the same service)? If I run multiple Twitter accounts, I don't
see why I shouldn't be able to link them all to my Keybase profile.

~~~
gervase
I think this might be a side effect of the Keybase UI, not the service itself.
If you interact with the APIs directly and look at the JSON, you can see that
at a high level the proofs are a dict, with each service as the key, and the
value is an array aggregating several proofs. You could therefore potentially
have several Twitter proofs associated with different accounts ("nametags")
that could then be presented all together if someone wanted to tie all those
accounts to your identity.

I only skimmed TFA, so I'm not sure what the process would be like for
actually validating those proofs, but the backend datastore seems like it
wouldn't have a problem, at least.

~~~
eridius
The new Proof Integration Guide explicitly says that a Keybase account can
only be linked to a single identity on your identity service (but that you can
link multiple keybase accounts to that same identity if you want to).

------
lousken
Totally off-topic but if someone from keybase can answer ... since keybase
finally added chat history search it's only missing two features for me -
responsive design(if you make the main window small then the left menu and
especially contacts list don't scale and you end up with small chat and these
two huge panels on the side) and dark theme.

=> Any plans to focus a bit more on GUI?

------
dcbadacd
This is really cool and I really like the keybase idea, however it's really
hard to get people to convert from say Telegram or FB Messenger - the features
are so on-par even the lack of dark theme is a deterrant. Point being that I
hope you/they implement the most commonly used features other messaging
systems have in order to make conversion possible.

------
jwr
Keybase had so much potential for identity management, but decided to build an
overly-complex invasive app (menu-bar resident app, anyone?) which never
actually worked for me.

It seems that the complexity overwhelmed the team: I recently tried to add a
reddit identity and even that failed.

I would really like a more limited feature set, which works reliably.

~~~
LeoPanthera
If your bar for "overly-complex" is "has a menu bar icon", your standards are
far too extreme to be useful.

------
Leace
Will this always require manual step of sending the proof config to Miles or
is there some automation planned? (e.g. scanning of /.well-known file or
something like that)

------
gluecode
I wish Keybase has a second factor for authentication.

~~~
dcbadacd
It does by the fact that you trust your new device on first use to be yours.
You can wipe application data once you close the app if you want to go trough
2FA every launch.

~~~
munchbunny
Does that mean you go through an extra authentication flow to enroll the new
device? Otherwise it's not 2FA, it's just telling you after the fact that
someone got into your account.

~~~
rodonn
Yes you have to authenticate any new devices from one of your existing
devices.

~~~
gluecode
Last week, I logged into Keybase from a brand new iPad without any
authentication challenge from a trusted device. As far as I can tell, there is
no second factor.

~~~
DuskStar
Did you use a paper key?

~~~
gluecode
Just used username and password.

~~~
DuskStar
That's weird. Almost all the nodes on your graph are signed by your PGP key
'F155E778FA657400' or the paper key 'above sleep'. The rest were signed by
other devices, or were the original node...

[https://keybase.io/gluecode/graph](https://keybase.io/gluecode/graph)

