[Cryptography] Any opinions on keybase.io?

Judson Lester nyarly at gmail.com
Wed Dec 17 13:15:01 EST 2014


On Wed Dec 17 2014 at 7:50:29 AM Paul Hoffman <paul.hoffman at vpnc.org> wrote:
>
> You say that as if you have proposed a design that allows people with only
> web browsers, not control of their command line, to securely share their
> identities. I don't see that in your linked article. Or are you saying that
> participation in this type of identity federation should only be allowed to
> those of us with those capabilities, or people who are willing to run some
> "trusted" binary executable for our platform?
>

 Everyone deserves trustworthy communications online.

I don't have a design that makes that possible for everyone. I don't know a
design that does. Keybase isn't it. My deepest objection to Keybase is that
it promises that and manifestly fails to deliver.

(I was working with the keybase group on a decentralized standard - the
popularity of Keybase with technical folks discouraged me. But, yeah, it'd
be command line stuff, most likely.)

One significant wrinkle is right there in your challenge: "willing to run a
trusted binary" and "only web browsers."

But more significantly, I don't know *how* to design a system that can
protect participants without putting a significant responsibility on them -
to understand the protocols, to review the programs they're using, to do
*something* more than tick the 'secure' box.

And that's by no means a condemnation of computer users everywhere. It's
the voice of despair, because I think we deserve security, and to be able
to do something other than maintain our security all the time.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20141217/e473011f/attachment.html>


More information about the cryptography mailing list