by rakoo 2618 days ago
There will never be a truly unique, open identification service, and that's what keybase is trying to do. Not necessarily by saying "this is who I am on keybase and will be my unique identity" but by saying "I am someone, known as X on github and Y on mastodon". The advantage of keybase is that

- Any identity on any service can (now) be linked

- There is only one protocol to do it and it is all done on the client side

Why would Mastodon (or, really, ActivityPub) be The One service when there are other, working services worth using?

1 comments

    Any identity on any service can (now) be linked
No need to integrate Keybase or any service for this. You can just use any place on the web as a hub and post "I am news.ycombinator.com/user?id=rakoo, I am reddit.com/user/rakoo" there. And from the others you link back to the hub. Say github is your hub, then you post "I am github.com/rakoo" on HN and Reddit. This would be user readable and machine readable. And any 3rd party service like Keybase could read it. No need for the social media sites to apply at Keybase and integrate it.
You _can_ do it but you would be the only one doing it, and as such it would provide little value because no one wants to do this manual dance and if you're such a minority then there will be no automated way to do it.

Keybase provides an (open!) protocol, along with (open source!) tools to do what you describe and then some (a lot of crypto stuff is needed, for instance). You can probably fork the keybase client and have your own hub at notkeybase.founderling.io if you want, so you can implement your very own idea if you so desire, and that would even be an interesting addition to the open web.

Also, you might have missed it but identity providers do not need to "apply" for keybase integration anymore: _any_ service can provide identity and link up with keybase without asking first (https://keybase.io/docs/proof_integration_guide). It doesn't even have to be a web service, so if they want, any email provider can do it (although the whole linking thing would be through http).

Technically you don't need to ask first, but you still need to tell Keybase directly that you support their proof integration protocol in order to be supported from their side of the connection. Not so much a "please let me in" but rather "I'm ready to rock".
Linking has to go both ways, it makes sense for the hub to vouch for it. Otherwise you have the same situation as the CAs without CTs: i.e. A can vouch for me, but I can't really vouch for this vouching, so another malicious B can vouch for a fake me.
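
The two-way check discussed in this thread (a hub page lists "I am ..." claims, and each claimed profile must link back to the hub), as an added example that is not part of any comment and is not Keybase's code or protocol. The page contents, the `evil.example` hub and all function names are constructed for illustration; the check is plain text matching with no signatures, so it only shows that whoever can post on both pages made the claim.

```python
import re

# Constructed sample pages (not fetched from the real sites), keyed by URL.
PAGES = {
    "github.com/rakoo": "I am news.ycombinator.com/user?id=rakoo, "
                        "I am reddit.com/user/rakoo",
    "news.ycombinator.com/user?id=rakoo": "I am github.com/rakoo",
    "reddit.com/user/rakoo": "I am github.com/rakoo",
    # Hypothetical malicious hub: claims the same accounts, gets no backlink.
    "evil.example/rakoo": "I am news.ycombinator.com/user?id=rakoo, "
                          "I am reddit.com/user/rakoo",
}

CLAIM = re.compile(r"\bI am ([^\s,]+)")


def normalize(url):
    """Strip the scheme and trailing slash/period so equal URLs compare equal."""
    url = re.sub(r"^https?://", "", url.strip(), flags=re.I)
    return url.rstrip("/.")


def claims(text):
    """Return the set of identities asserted by 'I am <url>' statements."""
    return {normalize(m) for m in CLAIM.findall(text)}


def fetch(url):
    """Stand-in for an HTTP GET; returns None when the page does not exist."""
    return PAGES.get(normalize(url))


def verify_hub(hub, fetch_page=fetch):
    """Map each profile the hub claims to True only if it links back."""
    hub = normalize(hub)
    result = {}
    for profile in sorted(claims(fetch_page(hub) or "")):
        page = fetch_page(profile)
        # A one-way claim proves nothing: anyone can write "I am X" on
        # a page they control. Accept only when X also names this hub.
        result[profile] = page is not None and hub in claims(page)
    return result


if __name__ == "__main__":
    for hub in ("github.com/rakoo", "evil.example/rakoo"):
        print(hub, verify_hub(hub))
```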