|
|
|
|
|
|
by qqii
2242 days ago
|
|
|
That sounds really interesting, would you be willing to share a link to the message board so I can see what your account creation process looks like? The other most common place I've seen PGP used as an account identifier are in darknet markets, where users are warned to use a GPG binary from a trusted source and against whatever serverside system that was built for ease of UX. Related to the issue that swiley mentions, I'm not really sold that attributing the user to a string of digits is good UX, whereas I like how keybase puts a distinction between identity and secrets. A "keybase proof" simply shows that at some point a singular identity had access to a multitude of accounts, but has no guarantees about the current account holders. This may seem like a negative but shifting the responsibility onto account holders to protect their secrets
is more reasonable than assigning the identity of an individual to a single, long term secret [0] or deal with key transition. [0]: https://latacora.micro.blog/2019/07/16/the-pgp-problem.html#... |
|
|
js required for key generation