by graderjs 1264 days ago
Can you use this to ID people for authentication?

As in, if someone pings your server and you get a key that matches their GitHub, is it really that person's key, or could they be doing it without having the corresponding private key?

1 comments

Anyone can download the public key and impersonate that person in a scheme like this.
Unless you require them to authenticate using that key (which would obviously require them to have the private key on hand).
What you are describing is the current status quo.
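
The distinction discussed in this thread, as an added example (not code from the thread or from GitHub): presenting a public key proves nothing, while signing a fresh server challenge proves possession of the private key. It uses Go's standard `crypto/ed25519` with a generated key standing in for a published one; the function names and the `loginContext` label are assumptions made for the illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// loginContext (hypothetical label) binds signatures to this protocol only.
const loginContext = "example-login-v1:"

// DemoKey makes a constructed keypair; pub plays the role of the published key.
func DemoKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// NewChallenge is the server side: a fresh random nonce per login attempt.
func NewChallenge() []byte {
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}
	return nonce
}

// Respond is the client side: only the private key holder can produce this.
func Respond(priv ed25519.PrivateKey, challenge []byte) []byte {
	return ed25519.Sign(priv, append([]byte(loginContext), challenge...))
}

// Verify checks the response against the published public key.
func Verify(published ed25519.PublicKey, challenge, response []byte) bool {
	if len(published) != ed25519.PublicKeySize {
		return false // ed25519.Verify panics on a malformed key
	}
	return ed25519.Verify(published, append([]byte(loginContext), challenge...), response)
}

func main() {
	pub, priv := DemoKey()
	c := NewChallenge()
	fmt.Println("private key holder:", Verify(pub, c, Respond(priv, c)))
	fmt.Println("public key only:   ", Verify(pub, c, pub)) // the key itself is not a proof
	fmt.Println("replayed response: ", Verify(pub, NewChallenge(), Respond(priv, c)))
}
```
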