- cross-posted to:
- foss@beehaw.org
- cross-posted to:
- foss@beehaw.org
This looks like an attempt to reproduce the web-of-trust functions provided by Keybase.io. Keybase has historically been a great resource that fills the same role as the PGP/GnuPG web of trust for a much broader range of identity attestations.
An open implementation of this concept has been sorely needed since Keybase got bought and shitcanned by Zoom during the COVID lockdown. Zoom wanted to aqui-hire all the Keybase devs to boost development on their lacking encryption and security. Sadly, Keybase has basically been abandonware since then.
That is truly sad. I was, at one point, simple using Keybase as a free cloud storage.
Seems to me like this is stepping up to fill the spot that was left by Keybase
It’s very complicated. Maybe the tutorials aren’t good enough (for me). It’s nice to have a site listing your various accounts. I proved mastodon and linked matrix but that’s it. At this state, not worth the trouble (for me)
I use it. The linkable proof is in my Lemmy desc for example.
It’s cool, needs some more work and eventually integrations with it. It’s nice to have an alternative to keybase but the things around keybase still need to be created.
Btw, you can even verify your Lemmy account with it ! https://docs.keyoxide.org/service-providers/lemmy/
Neat. Thank you.
It seems completely pointless to be honest.
Who are you going to prove your cryptographic identity to? Why not just use that same (pretty flimsy) verification method they use directly with that person?
What is that “(pretty flimsy) verification method” you are referring to ? Keyoxide is basically a web-interface (and accompanying tutorials) for PGP/ASP proofs. If you and your colleage know how, it’s not for you. I do think having a “web-PGP” passport page is easier to share, especially for just non-techy people.
I mean the whole “put something in your profile/in a post” part that is pretty flimsy.
Also, non-techy people will not be able to use PGP at all, much less anything building on it that requires understanding of the trust relationships. Hell, even in a tech company we are having a hard time getting people to generate keys every couple of years.
Hence, the ability to read from a PGP key, profile proofs easily on the internet. It’s for this specific use.