So @keybase is not going to bother with micro/family instances (e.g. <5 users). Great.
Careful Fediverse, "centralization"-first is coming. Or at least "large-instances-first".
Keybase recommends to use the website verification for those small instances, fine, but this won't support the encrypted messages that were proudly announced 7 paragraphs before.
@amiloradovsky Proofing the things is not difficult, but the service keybase provides and that makes it special is not the proof itself, it's the accessibility of it.
You get a link, you get a green checkmark and you get a username. Yes, all of this could be coded by anyone else, it's just that no one does.
Maybe someone with good UX skills will be bored enough to use OpenPGP.js and write one themselves using entirely free software :)
Maybe there is some kind of uid-like field we can use for that in the OpenPGP key which could link to a signed proof or similar.
Basically having something similar to keybase, but without their centralized component and without the whole zoo they build around it (messenger, git repositories, …)
Exactly. I did a proof of concept of something like that along with proof verification: https://github.com/wiktor-k/distributed-ids#distributed-ids
This works in a purely distributed way with OpenPGP and doesn’t require any proprietary tools.
The scheme is inspired by Linked Identities (https://tools.ietf.org/html/draft-vb-openpgp-linked-ids-01) that worked in OpenKeychain for some time.
instances.social lists more than 5,200 Mastodon instances. The vast majority of instances that are "up" has more than 5 users.
Besides, it is more likely that very small instances disappear, or are mostly down.
Sometimes, even medium-sized instances disappear. For example, we were on securitymastod.one before. This instance had more than 2,000 users and was shut down over night without prior notice.
keybase proves aren't that complicated, so at the end of the day, besides formal requirements (which could be automated) there is, from my perspective, no reason to not allow every instance to use it.
If not, maybe the title of the blog post is wrong, as, obviously, it's not for everyone.
It's not using Mastodon to exchange the messages, that's right, but it uses the Mastodon identity to address the the participant.
And this means keybase users on small instances won't be able to be addressed that way. It may sounds like a minor problem, but the absence of the proof also prevents you from easily validating that a keybase account is tied to a mastodon account.
Which is definitely negative for users on smaller instances.
Maybe, I can just quote keybase's own statement:
""sites which feel tiny and spammy. We don't want 10,000 partners with 5 members each; if you run, say, a family or apartment website, you don't need to do this integration. Just prove ownership of the domain in the old Keybase way, putting your family's proofs in yoursite.com/keybase.txt"
Would love it to see things not being that strict.
I won't tell anyone 😉
@sheogorath that restriction was hidden far down in the article. Almost as if they don't want you to read it. Also the teams feature seems like trying to take over the users, by providing them with a way to communicate without needing Mastodon. Anyway, who needs another silo.