You're Already Logged In!
Pubkey.Chat is an example of the WMAP protocol in action. It is an IRC-like experience where all outgoing messages are signed with your SSH key, and all incoming messages are verified against the author's pubkeys. Every GitHub user's ssh pubkeys are publicly available.
Every message is signed with your SSH private key, and then posted in a public place. Your friends can verify these messages came from you by checking the signature against your SSH public keys on GitHub. See WMAP for more information on signing and verification.
sequenceDiagram
participant GitHub
participant Pubkey.Chat
participant Alice
participant Bob
Alice->>GitHub: Upload SSH Pubkey
note over Alice: sign message with <br/> SSH Private Key
Alice->>Pubkey.Chat: POST to TOPIC
loop Polling
Bob->>+Pubkey.Chat: GET latest message for TOPIC
end
Pubkey.Chat->>-Bob: New Message from Alice
Bob->>GitHub: GET Alice's SSH Pubkey
note over Bob: Verify message against <br/> Alice's SSH Pubkey
For the sake of keeping the code simple and easy to auditable, the client polls for new messages using repeated HTTP GET queries.