@kristamonster I tweeted the proof requested by command line; cmdline responds "Didn't find". No idea what's wrong :/ /cc @thanosk
@thanosk so, here's a finicky but impt question: how can I be absolutely sure you're yourself on keybase.io? Fingerprint?
-
-
@asteris and that is the whole trick. We don't need to meet at a key signing party to sign each others keys :-) -
@thanosk that's assuming Eve hasn't taken over Alice's account on Twitter. Properly, you need to xref w GPG fingerprint posted elsewhere -
@asteris well ... Elsewhere where ? They will do website verification as well at some point. -
@thanosk if you had a pre-existing GPG keychain, you probably uploaded your public key to a server at an earlier date -
@asteris true I have as well. Have no idea if it is even possible to match the two in some way really. -
@thanosk you can't really circumvent the need for a proper keysigning, which is what keybase purports to do, w.o trusted indep lookups
End of conversation
New conversation -
-
-
@asteris hmm ... Well thanosk identity in keybase is the same as thanosk as twitter. So if you know me on twitter you know me on keybase -
@thanosk I meant cross-referencing your identity fingerprint from keybase w the GPG fingerprint posted elsewhere. Humor me here :p -
@asteris hmm fingerprint I suppose even though fingerprints in theory can be faked . -
@thanosk also, keybase (the site) only displays last half of the fingerprint. All those are concerns, as trust is the whole point of keybase
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.