@prologic@twtxt.net I have seen single use keys that are signed by a central PKI .. Keybase has one that uses a chatbot to generate the keys on the fly.
It just comes down to your threat model :)
I would HIGHLY recommend reading up on the keybase architecture. They designed device key system for real time chat that is e2e secure. https://book.keybase.io/security
A property of ec keys is deriving new keys that can be determined to be âon curve.â bitcoin has some BIPs that derive single use keys for every transaction connected to a wallet. And be derived as either public or private chains. https://qvault.io/security/bip-32-watch-only-wallets/
Can we not have clients sign their own public keys before listing them on their Podâs account?
Yeah.. we probably could. when they setup an account they create a master key that signs any subsequent keys. or chain of signatures like keybase does.
@prologic@twtxt.net this is a go version of Keyoxide.org that runs all server side. which is based on work from https://metacode.biz/openpgp/
OpenPGP has a part of the self signature reserved for notatinal data. which is basically a bunch of key/values.
this site tries to emulate the identity proofs of keybase but in a more decentralized/federation way.
my next steps are to have this project host WKD keys which is kinda like a self hosting of your pgp key that are also discoverable with http requests.
then to add a new notation for following other keys. where you can do a kind of web of trust.
@kas@enotty.dk But then we wouldnât be a decentralized network anymore. Or do i misunderstand the nature of keybase?
@abliss@abliss.keybase.pub Iâm still just appending to my twtxt, my client signs it afterwards and uploads the signed version.
@kas@enotty.dk, @kdave@kdave.github.io I donât get it. How do i generate keys for #saltpack? Do i need #keybase to use it?