Wait, do you *have* to keep your private keys in Keybase? I thought it
was mostly pubkey operations?

I'm much more skeptical if they keep private keys, that's dark stuff.
Imagine how many private keys are protected with terrible passwords, and
what damage you could do to the WOT if you could just quietly crack
enough keys in the WOT and use them to sign a fraudulent cert?

On 24/06/14 12:22, MrBiTs wrote:
>> I've been very impressed with how Keybase has evolved, and how well they
>> explain their model to users. It is without a doubt what I'd recommend
>> to a semi- or un-technical user to get them started.
>
>> They have a walkthrough of their approach to security and threat models
>> here: https://keybase.io/docs/server_security
>
>> And they explain "tracking" in detail here: https://keybase.io/docs/tracking
>
> More than only creating great documentation, the wrapper they wrote in NodeJS
> abstracts GnuPG commands, making it easy for any un-technical person to use
> cryptography constantly. Of course a little bit of paranoia is always good,
> and I don't agree with the idea to host my private keys in a server I don't
> control, even cyphered with a password, but I think it can solve the problem
> that users forget or lose their keys and our keychain remains with unusable,
> non-revoked keys.
>
> 
> CheerS
> 
> 

-- 
T: @onetruecathal, @IndieBBDNA
P: +353876363185
W: http://indiebiotech.com

Attachment: 0x988B9099.asc
Description: application/pgp-keys

Attachment: signature.asc
Description: OpenPGP digital signature
