hey @firstname.lastname@example.org hurry up and support rel="me" links already
distributed identity verification is the best thing and i see ny'all not supporting it
@00dani what does rel=me mean?
@LottieVixen well, rel= is an attribute you can put onto a link in html to describe what that link "means" relative to the current page - rel="next" for "this is the go-to-next-page link" and rel="canonical" for "this is the official url for this article, without shortening nonsense" are two common ones
rel="me" means "the page i'm linking is controlled by the same person as the current page", and if you have rel="me" links bidirectionally (say, on my github profile and on my personal site) then you have reasonably strong proof that i'm the same person in both places
rel="me" is currently used by https://indieauth.com/ to authenticate with certain sites As Your Domain Name. it's pretty cool
@00dani why not just have some form of keybase-style third party thing?
Also, I'm pretty sure Twitter puts rel="me" on your website URL.
@ben yeah it does, that one is actually crossed out because my twitter got suspended :p
the rest are sites that don't support rel="me" tho and they suck
the reason keybase is inadequate imho is that it means trusting keybase, at least to some extent! they've put a lot of effort into letting you trust the proofs without trusting the service, but the types of proof are still very limited and you're still reliant on their tools to actually retrieve and manage proofs
@00dani you can also do what keybase does without keybase: basically, just sign a thing saying "I'm 00dani and this is my Steam account with the steam ID that follows" with your GPG key and then put it on your Steam bio
@ben sure you can! i've signed things like that for my fediverse accounts, since keybase doesn't know about them
but again i think rel="me" verification is better? o:
* it's more discoverable - the link is necessarily right there on your profile
* tools for automatic verification can be super simple - i currently use https://github.com/indieweb/verify-me , which currently does trust the https://indiewebify.me service to work, but it'd be super simple to write a zero-trust version?
* masto actually already supports it, which is why i have a nice green tick on my masto profile at the moment
it's theoretically less secure, since it doesn't involve private-key-signed messages, but if the two sites involved have proper tls it's at least as practically secure as the "get my pgp key from my site here in order to verify these proofs please" approach
The Vulpine Club is a friendly and welcoming community of foxes and their associates, friends, and fans! =^^=