So, Mirmir wrote:
| 13. Targeted attacks against PGP key ids are possible
This is an advantage of Keybase. Then we're not depending on the KeyID, or even on the fingerprint, but rather on an identity that's multiply and independently authenticated.
I keep hearing more and more about Keybase, and I have a problem with it. It's a centralised service, owned and controlled by a single entity; moreover, the keys are tied to online identities controlled by corporate third parties (Twitter, Facebook, et al). I don't see Diaspora/The Federation support, for instance.

My problem with this is two-fold:

1. It might allow abuse, esp. MITM attacks. If Keybase becomes a /de facto/ standard for acquiring keys, it seems trivial to me for them to replace a valued target's key with something a LEA would provide.

2. It still promotes the closed, walled gardens. Diaspora or GNU Social support would not be that hard to implement.

--
Regards,
Michał "rysiek" Woźniak

I am changing my GPG key :: http://rys.io/pl/147
GPG Key Transition :: http://rys.io/en/147