[Cryptography] Any opinions on keybase.io?
bascule at gmail.com
Tue Dec 16 20:15:16 EST 2014
On Tue, Dec 16, 2014 at 8:19 AM, Paul Hoffman <paul.hoffman at vpnc.org> wrote:
> On Dec 15, 2014, at 5:37 PM, Tony Arcieri <bascule at gmail.com> wrote:
> > However, they're trying to raise the usability bar, but the first thing
> > you have to do is install Node.js and run a bunch of crap from the command
> Not at all. You can use their web UI without doing anything from the
> command line. This brings in some completely terrible features involving
> your private key, but no one has proposed any other way of doing what they
> do in a browser context with less terrible things.
Please see the work Google E2E is doing:
Google is collaborating with Yahoo to ensure their implementations are
> Do note that that article does not give any actual solutions for people who
> do not completely trust their enterprise or service provider. A better
> description of the article is "we can and should make life much easier for
> those who trust others with their keys and identity".
Google proposed a CT-like transparency protocol which would help users
identify if their directory misadvertized their keys:
> However, many of us tell our friends not to do that, particularly with
> high-value keys or identities.
Making users responsible for their own key management is a great security
practice, and key management forms a huge part of my day job, but asking
Johnny to manage his own keys doesn't help Johnny encrypt.