So it becomes its own "web of trust" in a sense? Every time there is activity, it's another point for "yeah, this person is who they say they are, look at all the stuff they've verified"? That's an interesting concept, at least for casual communication (the kind I might want to keep out of the ears of Google or Twitter, probably not the kind I'd want to keep out of the ears of the government). Is there any plan to incorporate traditional keyservers into the "web" as a component in the trust model?
Additionally, doesn't the user signing the statement with his or her private key mean that you need to have his private key to really believe it? I notice on the website it states that encryption/decryption is done with client encrypted keys. If it's client encrypted presumably the signing is happening at the client and an announcement is sent to keybase stating as such. How can you trust the data your getting back from the client is trustworthy or not also compromised?
Forgive me if I'm being boneheaded here, I'm just trying to grasp this so I can say, "Yes, that makes enough sense."
Additionally, doesn't the user signing the statement with his or her private key mean that you need to have his private key to really believe it? I notice on the website it states that encryption/decryption is done with client encrypted keys. If it's client encrypted presumably the signing is happening at the client and an announcement is sent to keybase stating as such. How can you trust the data your getting back from the client is trustworthy or not also compromised?
Forgive me if I'm being boneheaded here, I'm just trying to grasp this so I can say, "Yes, that makes enough sense."