Hacker News new | past | comments | ask | show | jobs | submit login

One of the things I liked about keybase is that it pooled identity proofs from different providers. If somebody manages to replace a proof in my gihub account, other people can (independently) verify that there is something wrong.

I'm not sure if I misread the documentation, but it seems that with keys.pub each "service" offers a disconnected world. If somebody manages to publish a proof in my github account, it can trick people using keys.pub to think that's still me.

OTOH, with keys.pub I don't need to trust any server.

Am I misunderstanding something?




Consider applying for YC's W25 batch! Applications are open till Nov 12.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: