On Sep 9, 2014, at 2:09 PM, Tao Effect <[email protected]> wrote: > The lookup would proceed to those services, to which the keys are not pinned, > so the scope widens a bit again, just enough to include the Five Eyes, the > host companies themselves (twitter and github), and anyone who hacked them. [..] > - For maybe <1%, it could provide false answers.
Oops, correction: if keybase pins their cert (and it's not compromised), then it would be able to detect false answers from twitter and github (even if they were compromised). The downside of a centralized service, however, is that it then becomes a single point of failure, and the incentive for malicious entities to attack it becomes greater. -- Please do not email me anything that you are not comfortable also sharing with the NSA.
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ Messaging mailing list [email protected] https://moderncrypto.org/mailman/listinfo/messaging
