[Cryptography] Any opinions on keybase.io?

Paul Hoffman paul.hoffman at vpnc.org
Tue Dec 16 11:19:47 EST 2014


On Dec 15, 2014, at 5:37 PM, Tony Arcieri <bascule at gmail.com> wrote:
> However, they're trying to raise the usability bar, but the first thing you have to do is install Node.js and run a bunch of crap from the command line.

Not at all. You can use their web UI without doing anything from the command line. This brings in some completely terrible features involving your private key, but no one has proposed any other way of doing what they do in a browser context with less terrible things.

> Justin Troutman just wrote a really interesting article about this: if we really want to help Johnny encrypt, we need to fix the tools that he is already using, not make crypto-centric solutions, and certainly not requiring Johnny to do anything on the command line:
> 
> http://www.technologyreview.com/view/533456/people-want-safe-communications-not-usable-cryptography/

Do note that that article does not give any actual solutions for people who do not completely trust their enterprise or service provider. A better description of the article is "we can and should make life much easier for those who trust others with their keys and identity". However, many of us tell our friends not to do that, particularly with high-value keys or identities.

> Ideally encryption should be transparent to Johnny, and something Johnny's email provider can flip on transparent to him (unless he actually wants to knuckle down and dig into the crypto-details of what's going on behind the scenes)
> 
> Beyond that I second the philosophical objections to centralization and Keybase's proprietary nature: whatever replaces the SKS system should be openly federated and open source.

Keybase for the command line is open source. They have said they would like to federate, but I don't think anyone else has stepped up to do the work they have done, so there isn't anyone to federate with.

--Paul Hoffman


More information about the cryptography mailing list