[Cryptography] Any opinions on keybase.io?

Ralf Senderek crypto at senderek.ie
Wed Dec 17 06:31:07 EST 2014

On Wed, 17 Dec 2014 09:18:50 Tony Arcieri wrote:
> The "revolutionary" part is that if the end-to-end extension is
> written correctly, transparently, and in an open-source manner,
> if Johnny's provider does this, it will notify Johnny 

That won't help Johnny, because if encryption has to be transparent
to Johnny you claim (falsely IMHO) that he should have nothing to do with
ciphertext or keys. In this case someone else controls the encryption
key and can invalidate the encryption even if it actually happens.
The mere availability of an "off switch" should make Johnny nervous.

Without Johnny controlling (at least part of) the encryption key there is
no assurance of security for Johnny and that's why it cannot happen to
him transparently.


More information about the cryptography mailing list