[Cryptography] keybase.io

Jan Schaumann jschauma at netmeister.org
Sat Jan 3 12:32:24 EST 2015

Randy Bush <randy at psg.com> wrote:

> a friend said
> > having a way to authenticate together the online identities of folks
> > could be useful.
> to the nsa, yes.  but how is it useful to the users?  e.g. i do not see
> a way to leverage it to solve the "first date problem," key exchange
> with a new remote friend.

I believe the argument is that it's "good enough" for people who already
"know" the party they're trying to reach to some degree and within our
various online networks/identities.

I may know somebody from Twitter, but may not know them to be the author
of some software on GitHub whom I'm trying to reach; keybase.io could
help tie those two identities together and link to an associated

Disclaimer: I'm not saying that there aren't many other ways to
accomplish this; nor am I saying that keybase.io is all sorts of
wonderful or should even be trusted for what it claims to do.  I'm just
noting that that's the use case I've heard being made.

Along similar lines, I've argued[1] that if I tweet my PGP fingerprint,
and you already follow me on Twitter, you can probably sign it (so long
as you don't believe Twitter was compromised or works actively against


[1] incidentally prior to keybase.io's birth:
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 478 bytes
Desc: not available
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20150103/6a96024b/attachment.sig>

More information about the cryptography mailing list