Keybase

rysiek rysiek@hackerspace.pl
Sat Jan 17 02:52:21 PST 2015


So,

Mirmir wrote:
> | 13. Targeted attacks against PGP key ids are possible
> 
> This is an advantage of Keybase. Then we're not depending on the KeyID,
> or even on the fingerprint, but rather on an identity that's multiply
> and independently authenticated.

I keep hearing more and more about keybase, and I have a problem with it. It's 
a centralised service, owned and controlled by a single entity; moreover, the 
keys are tied to online identities controlled by corporate third parties 
(Twitter, Facebook, et al). I don't see a Diaspora/The Federation support, for 
instance.

My problem with this is two-fold:

1. It might allow abuse, esp. MITM attacks. If Keybase becomes a /de facto/ 
standard of acquiring keys, it seems trivial to me for them to replace a 
valued target's key with something a LEA would provide.

2. It still promotes the closed, walled-gardens. Diaspora or GNU Social 
support would not be that hard to implement.

-- 
Pozdrawiam,
Michał "rysiek" Woźniak

Zmieniam klucz GPG :: http://rys.io/pl/147
GPG Key Transition :: http://rys.io/en/147
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 931 bytes
Desc: This is a digitally signed message part.
URL: <http://cpunks.org/pipermail/cypherpunks/attachments/20150117/969350b8/attachment.sig>


More information about the cypherpunks mailing list