by ameliaquining 3180 days ago
You've got it backwards. The point of Keybase is to replace PGP web of trust with a more human-friendly system based on proof of control of social media accounts (and/or domain names, and/or various other things).

The idea is that you tweet a message that's signed with your PGP key, then publicly register the URL of your tweet on the Keybase server. Later, when somebody requests your public key on Keybase, the Keybase client also requests that URL from the Keybase server, then scrapes it, verifies the signature, and tells that user what your Twitter handle is. That way the user knows that the owner of that private key is the same person who owns your Twitter handle.

Obviously this isn't secure by itself against a compromise of your Twitter account, but if you do this with multiple social media profiles (and/or domain names, and/or various other things), then the proof of identity becomes stronger. And there are some additional security measures based on timestamping and cross-signing.

Documentation: https://keybase.io/docs/server_security/following
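The client-side check described in the comment above, as an added example that is not part of the original comment and not Keybase's own code. Assumptions: Ed25519 from the Go standard library stands in for the PGP signature, the `Proof` type and the statement format are hypothetical, and the scraped post text is passed in as a string instead of being fetched.

```go
package main

import (
	"crypto/ed25519"
	"encoding/base64"
	"fmt"
	"net/url"
	"strings"
)

// Proof is one registered claim (hypothetical fields, not Keybase's format).
type Proof struct{ Service, Handle, URL string }

// statement is the text the key owner signs and posts (constructed format).
func statement(p Proof) string { return "I am " + p.Handle + " on " + p.Service }

// CheckProof runs on the client after it has fetched p.URL itself; body is
// the scraped post text, expected as "<statement> sig:<base64 signature>".
func CheckProof(pub ed25519.PublicKey, p Proof, body string) error {
	u, err := url.Parse(p.URL)
	if err != nil || u.Scheme != "https" || u.Host != p.Service {
		return fmt.Errorf("proof URL is not on %s", p.Service)
	}
	// The signed text is public; only its location ties the key to the handle.
	if !strings.HasPrefix(u.Path, "/"+p.Handle+"/") {
		return fmt.Errorf("post is not under account %s", p.Handle)
	}
	parts := strings.SplitN(body, " sig:", 2)
	if len(parts) != 2 || parts[0] != statement(p) {
		return fmt.Errorf("post does not claim %s", p.Handle)
	}
	sig, err := base64.StdEncoding.DecodeString(parts[1])
	if err != nil || !ed25519.Verify(pub, []byte(parts[0]), sig) {
		return fmt.Errorf("signature does not verify under the requested key")
	}
	return nil
}

// Demo: honest proof, a different public key, and a URL under another account.
func Demo() (good, wrongKey, elsewhere error) {
	pub, priv, _ := ed25519.GenerateKey(nil)
	other, _, _ := ed25519.GenerateKey(nil)
	p := Proof{"twitter.com", "alice", "https://twitter.com/alice/status/1"}
	sig := ed25519.Sign(priv, []byte(statement(p)))
	body := statement(p) + " sig:" + base64.StdEncoding.EncodeToString(sig)
	moved := Proof{p.Service, p.Handle, "https://twitter.com/bob/status/2"}
	return CheckProof(pub, p, body), CheckProof(other, p, body), CheckProof(pub, moved, body)
}

func main() { fmt.Println(Demo()) }
```

The timestamping and cross-signing measures the comment mentions are outside this sketch.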

1 comments

In other words, "a website that has people accounts and they can like other website's accounts".