Re: keybase.io
Jonathan McDowell dijo [Fri, Apr 04, 2014 at 10:35:41PM +0100]:
> > > To be clear, if I spot any key
> > > that's both in any of the Debian keyrings and in keybase.io, I will
> > > proceed as if the key had been lost or compromised and immediately
> > > remove it from our keyring.
> >
> > No, sorry. Don't do that. My key is on keybase, but *not the private
> > half*
>
> Likewise. I have signed up to keybase.io largely to kick the tires and
> see what I make of it. I will absolutely not be trusting any third party
> with the private half of my key on their servers, even if it's
> passphrase protected and the crypto carried out at the client side.
Urgh...
Well, please enlighten me here: Without fully auditing the Javascript
code you are using to do the crypto client-side, can you *really* be
certain your private half has not travelled to Keybase?
Reply to: