Your essentially argue for network vision for verification.
Keybase is doing a interesting thing were they have a Merkel tree and then they put the root of the Merkel tree into the bitcoin blockchain. When you fetch the tree, you can check the validity on the blockchain.
They could use public key pinning that people are sure to always hit keybase.io and then verify on the blockchain (I must check if they actually have HPKP activated).
An viable attack on that is pretty damn near impossible without actually comprosing the end user device.
An viable attack on that is pretty damn near impossible without actually hacking into the end user device.
Keybase is doing a interesting thing were they have a Merkel tree and then they put the root of the Merkel tree into the bitcoin blockchain. When you fetch the tree, you can check the validity on the blockchain.
They could use public key pinning that people are sure to always hit keybase.io and then verify on the blockchain (I must check if they actually have HPKP activated).
An viable attack on that is pretty damn near impossible without actually comprosing the end user device.
An viable attack on that is pretty damn near impossible without actually hacking into the end user device.