@00dani @anonthemoose We could bring in support for either OTR, OMEMO, and/or PGP signatures?

@mitchell oh, are you working on keybase? i think pgp is sufficient although i'm sure there are users who'd love support for alternative signature schemes - my issue is that you can only sign an arbitrary web page with keybase if you control the entire domain, which means you can't sign your gnu social/mastodon profile nor most profiles that aren't specially hardcoded into keybase? and it seems like checking your profile's rss/atom feed for keybase proofs would be a good workaround!

@00dani Each profile can have a signature object on the profiles page which can then be attached to each "toot"'s XML, and can be used to verify the legitimacy. (Not encrypting it in this example because CPU usage on the server)

@mitchell ooh, that sounds excellent! keybase currently only lets you prove you own your profile as a whole - in cases like twitter, you make a single tweet with a signed proof in it. signing all your individual posts would definitely be preferable if possible, although i suspect keybase would still demand you make a single post with a keybase proof anyway :3

@00dani We talking about keybase.io? Cause you can just take the signature and search keybase on each server as opposed to the client doing it? IDK. Or maybe something like

Keybase -> Client for look up but the check is done on both server and client?

@00dani You can revoke the proof's by revoking the sig on keybase and your profile?

@mitchell true. i dunno, i assume there are Good Reasons™ that keybase.io works the way it does?? i'm not really a crypto expert oops ¯\_(ツ)_/¯

@00dani Neither am I @chu is a bit better at it than me (Especially PGP/GPG) 

@chu - What would be one reliable way to verify users using PGP (Or similar) on GS/Mastodon?

@mitchell verify users' what? the entire user? tweets? be more specific @00dani