One of the things I liked about keybase is that it pooled identity proofs from different providers. If somebody manages to replace a proof in my gihub account, other people can (independently) verify that there is something wrong.
I'm not sure if I misread the documentation, but it seems that with keys.pub each "service" offers a disconnected world. If somebody manages to publish a proof in my github account, it can trick people using keys.pub to think that's still me.
OTOH, with keys.pub I don't need to trust any server.
I'm not sure if I misread the documentation, but it seems that with keys.pub each "service" offers a disconnected world. If somebody manages to publish a proof in my github account, it can trick people using keys.pub to think that's still me.
OTOH, with keys.pub I don't need to trust any server.
Am I misunderstanding something?