by gregmac 3203 days ago
Requiring the team name to be a domain name (validating that they own said domain name) seems like it would be a reasonable solution. Domains are already globally unique, already tied to organization identity, and already closely related to anything keys will be used for (software, e-mail, etc).

Someone could still spoof "companyname-corp.com" but then it's at least obvious in the same way spoofed URLs already (usually) are.

3 comments

Domain names as identity is something I would love to see happen, mostly because I have a vested interest in selling millions of people those domain names via Hover.com.

Keybase does a nice job aggregating those various identities, be it a domain name, Twitter handle, HackerNews ID. It's probably a better solution to help people/businesses establish an interconnected series of online identities that are provably the same entity.

ps. Thanks to Chris for reserving some of the more common team names including hover and making sure we could get our hands on it.

What if neither Alice nor Bob have a domain name? What happens if the domain name is dropped, transferred to a third party, suffers a dispute etc?

Keybase could just offer free subdomains from a domain owned by Keybase for people who don't have their own domains.

This actually seems like a remarkably elegant solution to the above problem. I'm hesitant to make it domain linkable though. A cool kind of solution to ambiguity would be a graph network, say "join team X with members X,Y" to identify the team uniquely. And that is referenced to the people you're linked to on keybase, and the groups they're in. If a group by the same name exists with the same named people, it shouldn't be picked over the correct group, and if it were, you would be rejected from joining the team.

What happens if you forget to renew your domain name, or someone steals it by the trademark rules? Would that person then gain access to your encrypted chat?

If it's just a pointer to a merkle root for the admin chain then they don't get access to the encrypted chat, they'd still have to request access from an existing user.

You could simulate that today by say creating a weird named team (say random GUID), adding a text file like .well-known/keybase-team.txt on the domain with that team name, and then encouraging people to sign up via something like:

    keybase request-access `http GET http://example.com/.well-known/keybase-team.txt`
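
The lookup described in the last comment, as an added example that is not part of the thread or of Keybase: it fetches the file over HTTPS only (the file is the trust anchor, so it differs from the plain `http` URL above) and validates the body before it reaches a command line. The function names, the allowed character set and the 64-character limit are assumptions for illustration, not Keybase's documented team-name rules.

```shell
#!/bin/sh
# Added example, not from the thread. The character set and the 64-char limit
# are assumptions for illustration, not Keybase's documented team-name rules.
LC_ALL=C; export LC_ALL

# validate_team_name NAME: succeed only if NAME is safe to pass to a CLI.
validate_team_name() {
    name=$1
    [ -n "$name" ] || return 1
    [ "${#name}" -le 64 ] || return 1
    case $name in
        # Anything outside [a-z0-9_.] is refused: whitespace, a leading "-"
        # (option injection), quotes, and shell metacharacters all fail here.
        *[!a-z0-9_.]*) return 1 ;;
        # No empty dot-separated components.
        .*|*.|*..*) return 1 ;;
    esac
    return 0
}

# extract_team_name BODY: print the single validated name found in BODY.
extract_team_name() {
    body=$1
    cr=$(printf '\r')
    nl='
'
    body=${body%"$cr"}          # tolerate one trailing CR from CRLF files
    case $body in
        *"$nl"*) return 1 ;;    # more than one line: refuse, do not guess
    esac
    validate_team_name "$body" || return 1
    printf '%s\n' "$body"
}

# fetch_team_name DOMAIN: HTTPS only, no redirects, bounded time and size.
fetch_team_name() {
    raw=$(curl --proto '=https' --max-redirs 0 --fail --silent --show-error \
               --max-time 10 --max-filesize 256 \
               "https://$1/.well-known/keybase-team.txt") || return 1
    extract_team_name "$raw"
}

# Usage (command form as written in the comment above):
#   team=$(fetch_team_name example.com) && keybase request-access "$team"
```

Whoever controls the domain at fetch time controls the answer, so this only hardens the transport and the parsing; it does not address the expired or transferred domain case raised earlier in the thread.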