Re: [FD] keybase.io

2014-06-25 Thread Sam Stewart
Also thanks to Rikairchy, I got an invite. I opted not to upload my private key, and it's still a pretty useful service without that. Github, twitter & bitcoin address, signed by my priv key offline. The "tracking" feature is probably the easiest implementation of web-of-trust I've seen. On 22

Re: [FD] keybase.io

2014-06-25 Thread Tony Arcieri
On Monday, June 23, 2014, Jonathan Care wrote: > > Projects like keybase.io, mailvelope, and so on > You namedrop these projects as if they're the same thing, but they're not. - Keybase.io is a web page, and last I looked, they weren't using CSP, which would help prevent XSS - Mailvelope (which

Re: [FD] keybase.io

2014-06-23 Thread Jonathan Care
On 23 June 2014 00:58, Tony Arcieri wrote: > On Sat, Jun 21, 2014 at 1:37 PM, Robert Dannhauer < > r.dannha...@googlemail.com> wrote: > > > The only question: Can this be trusted? Can we make sure they don't know > > the passphrase? > > > No, the passphrase is being entered into a web page loaded

Re: [FD] keybase.io

2014-06-23 Thread Tony Arcieri
On Sat, Jun 21, 2014 at 1:37 PM, Robert Dannhauer < r.dannha...@googlemail.com> wrote: > The only question: Can this be trusted? Can we make sure they don't know > the passphrase? No, the passphrase is being entered into a web page loaded from their domain. Unless you audit the scripts every sin

Re: [FD] keybase.io

2014-06-23 Thread Nick Boyce
On 20 June 2014 21:22, Rikairchy wrote: > I have a few questions regarding this website. It's an interesting-sounding idea, with the stated goal of encouraging greater use of OpenPGP by "ordinary" folks who commonly find GPG too "difficult" to use. > There is an option to create as well as uplo

Re: [FD] keybase.io

2014-06-22 Thread Robert Dannhauer
Thanks to Rikairchy I was able to take a look. They are saying: "For safety, the Keybase servers never see your passphrase, even during login, and therefore cannot decrypt your private key. " The only question: Can this be trusted? Can we make sure they don't know the passphrase? Even though this l

Re: [FD] keybase.io

2014-06-22 Thread Tony Arcieri
On Fri, Jun 20, 2014 at 1:22 PM, Rikairchy wrote: > Why would a website focused on providing security allow users to > upload their private keys? > They are willfully creating a less secure system in hopes of making it popular. Supporting private key upload completely changes the threat model, f

Re: [FD] keybase.io

2014-06-22 Thread Attilla de Groot
Hi, On 20 Jun 2014, at 22:22, Rikairchy wrote: > There is an option to create as well as upload your private key. I'm > very new to this type of encryption, having only worked with > Truecrypt, SSH, and BitLocker prior, but I was under the impression > that the private key was the last thing yo

Re: [FD] keybase.io

2014-06-22 Thread Dennis E. Hamilton
-Original Message- From: Rikairchy Sent: Friday, June 20, 2014 13:22 [ ... ] There is an option to create as well as upload your private key. I'm very new to this type of encryption, having only worked with Truecrypt, SSH, and BitLocker prior, but I was under the impression that the

[FD] keybase.io

2014-06-21 Thread Rikairchy
I have a few questions regarding this website. For those of you unfamiliar with it, (to my knowledge) a GPG keyserver, website, and client for easy upload. The client supports signing, encrypting, and verifying messages as does the website. There is also an option to "track" users, verifying who t