rysiek rysiek at
Sat Jan 17 02:52:21 PST 2015


Mirmir wrote:
> | 13. Targeted attacks against PGP key ids are possible
> This is an advantage of Keybase. Then we're not depending on the KeyID,
> or even on the fingerprint, but rather on an identity that's multiply
> and independently authenticated.

I keep hearing more and more about Keybase, and I have a problem with it. It's 
a centralised service, owned and controlled by a single entity; moreover, the 
keys are tied to online identities controlled by corporate third parties 
(Twitter, Facebook, et al). I don't see a Diaspora/The Federation support, for 

My problem with this is two-fold:

1. It might allow abuse, esp. MITM attacks. If Keybase becomes a /de facto/ 
standard of acquiring keys, it seems trivial to me for them to replace a 
valued target's key with something a LEA would provide.

2. It still promotes the closed, walled gardens. Diaspora or GNU Social 
support would not be that hard to implement.

Michał "rysiek" Woźniak

I am changing my GPG key ::
GPG Key Transition ::
