In particular, I'm wondering if Keybase's v2 key model is a good idea: https://keybase.io/blog/keybase-new-key-model
For the purposes of this thread, I don't care about the social media/domain ownership side of things, just the key management—device keys, paper keys, the bidirectional trust thing. (Maybe also the blockchain part, if it seems necessary.)
I'm interested particularly in how hard it is for both users and developers to fuck it up, from a crypto-pragmatics perspective.
@varx my first question is - how does revocation work?
@jerger My understanding is that with Keybase, revocations are published to the same Merkle DAG as keysignings, and they periodically put a pointer to the latest Merkle root into the Bitcoin blockchain.
My own preference would be to do a limited-degree floodfill, where you announce your revocation to your contacts, and they boost that revocation, out to (let's say) 3 degrees. I can imagine other approaches, too.
@varx did some documentation reading ... they did not describe the revocation process ...
@jerger I'm curious about that as well. For instance, does revocation of a link have to be done by one member of the link, or can it be done by any key in the graph? If a graph is partitioned, which side do you trust?
And revocations can be anything from precautionary "I lost my phone" to "WARNING, my laptop and phone were both compromised, but the attacker signed their own keys on first!"
Probably the correct approach is that as soon as any revocation is observed, ask the user how to proceed.
A Mastodon instance for info/cyber security-minded people.