Hi Jon,
This is slightly off-topic but...
> Heck, while you’re at it, talk to the Keybase people because they explicitly now have
> Twitter, Facebook, Github and DNS identities, along with Reddit, Hacker News, Bitcoin
> addresses, Zcash addresses, and more I’m likely missing.
From what I've seen Keybase is not interested in a purely OpenPGP
solution - they want to keep the data on their site [0].
And there already is an I-D for "keybase but distributed" using OpenPGP -
Linked Identities by Vincent [1]. Moreover this draft is already
implemented in OpenKeychain and has verifications for Twitter, GitHub,
etc. and works really well. I think the concept is proven to be working.
(The only issue that I have with it is that it's using experimental
UAT IDs, but because Linked IDs is just a draft it cannot get proper
assignment).
I've been experimenting on a slightly different implementation of
Vincent's concept (using User IDs and notations instead of Attributes,
and defined verification language) [2].
Also, a quote from Werner over the use of user attributes from 2017 [3]:
> (...) Anyway, I think that the User
> Attributes should not be extended over their use for an image. URIs can
> simply be represented by plain User IDs and software can easily detect
> such URIs if desired.
> The need to implement UAT only adds more complexity for a questionable
> purpose. Note that these image UAT were introduced due to marketing
> needs of PGP or NAT and (iirc) only specified after they had been
> introduced in their software.
I didn't agree with him back then, but after longer thought I changed my
opinion - user attributes do not have any fallback mechanism - either
most software supports that custom special attribute or it's practically
impossible to work with them (yes, they are supported, but displayed as
an opaque string [4]). And I say this as a person that added this packet
"by hand" and use it on my key.
(As a side note, photos could be expressed as links to images with a
hash, that would reduce the key size significantly).
On the other hand I like the "hand wavy" approach to User IDs, I think
it's underutilized :-)
Kind regards,
Wiktor
[0]: https://news.ycombinator.com/item?id=15352217
[1]: https://tools.ietf.org/html/draft-vb-openpgp-linked-ids-01
[2]: https://github.com/wiktor-k/distributed-ids
[3]: https://www.ietf.org/mail-archive/web/openpgp/current/msg08914.html
[4]: https://keyserver.ubuntu.com/pks/lookup?fingerprint=on&search=0x653909A2F0E37C106F5FAF546C8857E0D8E8F074
--
*/metacode/*
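
The fallback difference discussed in this message, as an added example (not code from the thread, from OpenKeychain, or from the Linked IDs draft): the same link carried in a User Attribute subpacket of a type the reader does not know, and in a plain User ID. The subpacket type 100 (from the RFC 4880 private/experimental range 100-110), the example.org URI and the function names are constructed for illustration.

```python
import re

IMAGE = 1  # the only User Attribute subpacket type RFC 4880 defines
URI_RE = re.compile(r"^[a-z][a-z0-9+.-]*://\S+$", re.I)

def subpackets(body: bytes):
    """Yield (type, data) for each subpacket of a User Attribute packet body."""
    i = 0
    while i < len(body):
        first = body[i]
        if first < 192:                       # one-octet length
            length, i = first, i + 1
        elif first < 255:                     # two-octet length
            if i + 1 >= len(body):
                raise ValueError("truncated subpacket length")
            length, i = ((first - 192) << 8) + body[i + 1] + 192, i + 2
        else:                                 # five-octet length
            length, i = int.from_bytes(body[i + 1:i + 5], "big"), i + 5
        if length < 1 or i + length > len(body):
            raise ValueError("truncated or malformed subpacket")
        yield body[i], body[i + 1:i + length]  # length covers the type octet
        i += length

def describe_user_attribute(body: bytes) -> list[str]:
    """What a reader that only knows the image subpacket can display."""
    out = []
    for typ, data in subpackets(body):
        if typ == IMAGE:
            out.append(f"image ({len(data)} octets)")
        else:
            # No fallback: an unknown type can only be shown as opaque bytes.
            out.append(f"unknown subpacket {typ}: {data.hex()}")
    return out

def describe_user_id(body: bytes) -> str:
    """A User ID is UTF-8 text, so any reader can show it and spot a URI."""
    text = body.decode("utf-8", errors="replace")
    return f"link: {text}" if URI_RE.match(text) else f"name: {text}"

# Constructed sample: one link, encoded both ways.
URI = b"https://example.org/alice"
SAMPLE_UAT = bytes([1 + len(URI), 100]) + URI  # length, type 100, data

if __name__ == "__main__":
    print(describe_user_attribute(SAMPLE_UAT))
    print(describe_user_id(URI))
```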