So, Mirmir wrote:
> | 13. Targeted attacks against PGP key ids are possible
>
> This is an advantage of Keybase. Then we're not depending on the KeyID,
> or even on the fingerprint, but rather on an identity that's multiply
> and independently authenticated.

I keep hearing more and more about Keybase, and I have a problem with it. It's a centralised service, owned and controlled by a single entity; moreover, the keys are tied to online identities controlled by corporate third parties (Twitter, Facebook, et al). I don't see Diaspora/The Federation support, for instance.

My problem with this is two-fold:

1. It might allow abuse, esp. MITM attacks. If Keybase becomes a /de facto/ standard of acquiring keys, it seems trivial to me for them to replace a valued target's key with something a LEA would provide.

2. It still promotes the closed, walled gardens. Diaspora or GNU Social support would not be that hard to implement.

-- 
Regards,
Michał "rysiek" Woźniak

I am changing my GPG key :: http://rys.io/pl/147
GPG Key Transition :: http://rys.io/en/147
