how to prove on a site where I have my area, but am not the root admin of

keybase / keybase-issues

A single repo for managing publicly recognized issues with the keybase client, installer, and website.

899 stars 37 forks source link

how to prove on a site where I have my area, but am not the root admin of #1103

Open ralfhauser opened 10 years ago

ralfhauser commented 10 years ago

Currently, per site, only one proof appears to be possible. This leaves out millions of users who command not over an entire site, but just a fraction of a site. Please add the possibility for multiple proofs per site.

Then for example the supreme court of switzerland could add its web-proof. https://www.privasphere.com/kanzlei@bger.ch

or many other "SuisseID"-identified lawyers.

I guess this idea is somewhat similar to https://github.com/keybase/keybase-issues/issues/977 Solutions: 1) It would be great if I not only could specify the site, but also a deep link. 2) I guess the URL to accommodate multiple users per site could also be generically be set - e.g.

example.com/keybase?you@domain.tld or example.com/keybase?io=ralfhauser (my name at keybase.io) example.com/keybase?fingerprint=B7BE9E337AA09FA58D3A 97182A20188E87826F38

I probably would even list multiple sites in my proof.

ghost commented 10 years ago

Having multiple users verify one domain is already possible (see for example the proof of keybase.io which both max and chris verified). You only need to to append the proofs one to another.

Using a custom url may not be that wise since there are a lot of sites where you can add stuff without owning the site. (reddit, facebook, and you can often directly link to comments in blogs where you don't need to be registered at all)

ralfhauser commented 10 years ago

Understood - if you have hundreds or even thousands of users, does that concatenation scale?

ghost commented 10 years ago

Why should users be able to claim they own the domain? They have an account there which enables them to do a little bit, but this is far from owning it. Your example with privasphere would be better fitting with the Feature Request to verify ownerships of accounts (#518)

ralfhauser commented 10 years ago

The proof text doesn't use the word "own". e.g. max has https <<...

I am an admin of https://oneshallpass.com ...>> It doesn't say "I am the one and only admin..." or "chief" or alike. But agreed, a hard-coded one-person-proof-site should get more trust points than a site where thousands only control a small fraction of a site's relative-URL-space.

ghost commented 10 years ago

On the other hand "admin" is well defined: I have no restrictions regarding the site whatsoever. Eg. access to every area of the website and can change everything I want on the website which includes direct access to the directories and files itself.