[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: keybase.io

On Fri, Apr 04, 2014 at 04:33:18PM +0200, Tobias Frost wrote:
> Well, this "thing" raises several red flags just by reading "upload ...
> private key". This alone smells very wrong, because I'm the opinion a
> private key must never leave my (trusted) system) 

More than that, it's good practice to never let the private half leave
an offline machine, and use that offline high-entropy machine issue
signing subkeys which you can take with you on your other machines.

I'm not doing this, but it's good practice (and I should start once I
can be bothered to generate new keys)


 .''`.  Paul Tagliamonte <paultag@debian.org>  |   Proud Debian Developer
: :'  : 4096R / 8F04 9AD8 2C92 066C 7352  D28A 7B58 5B30 807C 2A87
`. `'`  http://people.debian.org/~paultag
 `-     http://people.debian.org/~paultag/conduct-statement.txt

Attachment: signature.asc
Description: Digital signature

Reply to: