> When she someday establishes keys, and cryptographically proves her Twitter account, the Keybase servers will ping my apps and ask for me to make available the decryption key to her. My app will check the signed statement from myself, check her tweet, make sure the proof is valid, and then send the decryption keys to her, encrypted for her device keys.
> Keybase is not a trusted man-in-the-middle here, and no one else has keys. The only weak link here is Twitter: my assertion is like this, in English: “once someone who owns the @billieeilish Twitter account publicly proves a Keybase connection, I'll unlock it.” If Twitter gives that account to someone else or takes control of it, I'll be trusting Twitter's answer. @billieeilish is not yet a human. She's a Twitter account.
That seems decent at first pass. Keybase could maliciously not notify about her joining keybase, but everything after that seems like it follows a cryptographic path.
Is your concern that their code is improperly implemented (which seems the concern cited for triplesec)? I'm not seeing the abuse risk. Any pointers?