
Wait, do you *have* to keep your private keys in keybase? I thought it was mostly pubkey operations? I'm much more skeptical if they keep private keys, that's dark stuff. Imagine how many private keys are protected with terrible passwords, and what damage you could do to the WOT if you could just quietly crack enough keys in the WOT and use them to sign a fraudulent cert?

On 24/06/14 12:22, MrBiTs wrote:
I've been very impressed with how Keybase has evolved, and how well they explain their model to users. It is without a doubt what I'd recommend to a semi- or un-technical user to get them started.
They have a walkthrough of their approach to security and threat models here: https://keybase.io/docs/server_security
And they explain "tracking" in detail here: https://keybase.io/docs/tracking
More than just creating great documentation, they wrote a wrapper in NodeJS that abstracts GnuPG commands, making it easy for any un-technical person to use cryptography constantly. Of course a little bit of paranoia is always good, and I don't agree with the idea of hosting my private keys on a server I don't control, even cyphered with a password, but I think it can solve the problem that users forget or lose their keys and our keychain is left with unusable, non-revoked keys.
CheerS
-- T: @onetruecathal, @IndieBBDNA P: +353876363185 W: http://indiebiotech.com