(blog.pypi.org)

72 points harporoeder | 3 comments | 17 Oct 24 20:03 UTC | HN request time: 0.57s | source

1. aborsy ◴[18 Oct 24 01:55 UTC] No.41875702[source]▶

>>41873215 (OP) #

What’s the current best solution for associating a public key to an identity or person?

This is not related to cryptography protocols.

OpenPGP key server verifies email. Keybase was a good idea but seems dead. Maybe identity providers?

replies(2): >>41875876 #>>41877177 #

2. woodruffw ◴[18 Oct 24 02:30 UTC] No.41875876[source]▶

>>41875702 (TP) #

> Maybe identity providers?

That's essentially all Sigstore is: it uses an identity provider to bind an identity (like an email) to a short-lived signing key.

3. bramhaag ◴[18 Oct 24 07:44 UTC] No.41877177[source]▶

>>41875702 (TP) #

There is also Keyoxide[1]. The goal is similar to Keybase (online identify proofs), but Keyoxide uses a decentralized approach where the identity proofs are stored on the key themselves.

[1] https://keyoxide.org

↑

Removing PGP from PyPI (2023)