ssh VS keybase-issues

It continues to amaze me that ssh still does not use https PKI and relies on developer manually checking fingerprint (which he supposedly does in a hard-to-google location and realistically he does not check anything). So much care and work went to implement web security and developers still basically live in a self-signed world.

At least put your key to https://github.com/.well-known/ssh/ed25519.pub so I don't need to Google it... And may be some day ssh will support it natively. Someone need to act first.

https://github.com/keybase/keybase-issues/issues/2963

- "Overview of Certification Systems: X.509, CA, PGP and SKIP"

...

- k8s docker vault secrets [owasp, inurl:awesome] https://www.google.com/search?q=k8s+docker+vault+secrets+owa... https://github.com/gites/awesome-vault-tools

- Why secrets shouldn't be passed in $ENVIRONMENT variables; though e.g. the "12 Factor App" pattern advises to parametrize applications mostly with environment variables that show in /proc/pid/environ but not /proc/pid/cmdline

W3C DID supports GPG proofs and revocation IIRC:

"9.6 Key and Signature Expiration"

You could try asking over at https://github.com/keybase/keybase-issues/issues but I'd be surprised if they can do anything. Also, judging by the recent history on there it's dead.

Keybase seems to hardcode and show the master branch. Maybe your master branch is missing? Refer to this github issue

Thanks, but unfortunately not. (#3066, among others. Under no circumstances will I allow Keybase or its software to access my private key - just give me something to sign and return to prove ownership, already...)