Keybase
rysiek
rysiek at hackerspace.pl
Sat Jan 17 02:52:21 PST 2015
So,
Mirmir wrote:
> | 13. Targeted attacks against PGP key ids are possible
>
> This is an advantage of Keybase. Then we're not depending on the KeyID,
> or even on the fingerprint, but rather on an identity that's multiply
> and independently authenticated.
I keep hearing more and more about keybase, and I have a problem with it. It's
a centralised service, owned and controlled by a single entity; moreover, the
keys are tied to online identities controlled by corporate third parties
(Twitter, Facebook, et al). I don't see Diaspora/The Federation support, for
instance.

My problem with this is two-fold:

1. It might allow abuse, esp. MITM attacks. If Keybase becomes a /de facto/
standard for acquiring keys, it seems trivial to me for them to replace a
valued target's key with something a LEA would provide.

2. It still promotes the closed, walled gardens. Diaspora or GNU Social
support would not be that hard to implement.

--
Regards,
Michał "rysiek" Woźniak
Zmieniam klucz GPG :: http://rys.io/pl/147
GPG Key Transition :: http://rys.io/en/147