[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: keybase.io

Jonathan McDowell dijo [Fri, Apr 04, 2014 at 10:35:41PM +0100]:
> > > To be clear, if I spot any key
> > > that's both in any of the Debian keyrings and in keybase.io, I will
> > > proceed as if the key had been lost or compromised and immediately
> > > remove it from our keyring.
> > 
> > No, sorry. Don't do that. My key is on keybase, but *not the private
> > half*
> Likewise. I have signed up to keybase.io largely to kick the tires and
> see what I make of it. I will absolutely not be trusting any third party
> with the private half of my key on their servers, even if it's
> passphrase protected and the crypto carried out at the client side.


Well, please enlighten me here: Without fully auditing the Javascript
code you are using to do the crypto client-side, can you *really* be
certain your private half has not travelled to Keybase?

Reply to: