by ianopolous 1690 days ago
Yes, a system with so many false positives will be ignored by users. Warnings should only occur if a genuine problem is detected.

Ideally we'd all use an append-only Merkle log a la Certificate Transparency to look up public keys. This is much harder to MITM, and you can do lookups over onion routing to make it even harder. Of course, if your identifiers have PII (like phone numbers in Signal and WhatsApp) this is not going to fly, but that's the bed they made for themselves.


The system you propose is exactly the design of Keybase! In fact, KB even supports proofs of real-world identities that are themselves signed on the Merkle tree, automatically periodically checked by clients. (However, this still leads to tons of false positives...)
Yep, Keybase was great, apart from being closed source, centralized and not having a viable business model.
Oh, a fellow fan of transparency logs!

I'd love to hear what you think about a log a few colleagues and I have designed. We've tried to get to the essence of transparency logging. It's a minimalistic design, and it doesn't require trusting the log operator.

www.sigsum.org