Re: keybase.io

To: debian-project@lists.debian.org, keyring-maint@debian.org
Subject: Re: keybase.io
From: Russ Allbery <rra@debian.org>
Date: Fri, 04 Apr 2014 16:23:03 -0700
Message-id: <[🔎] 87d2gw4r3c.fsf@windlord.stanford.edu>
In-reply-to: <[🔎] 20140404231813.GF85077@gwolf.org> (Gunnar Wolf's message of "Fri, 4 Apr 2014 17:18:13 -0600")
References: <[🔎] 20140404135001.GA14641@bryant.redmars.org> <[🔎] 20140404140209.GB9048@emyr.net> <[🔎] 20140404212427.GC85077@gwolf.org> <[🔎] 20140404212640.GA10585@helios.pault.ag> <[🔎] 20140404213541.GE24850@earth.li> <[🔎] 20140404231813.GF85077@gwolf.org>

Gunnar Wolf <gwolf@gwolf.org> writes:

> Urgh...

> Well, please enlighten me here: Without fully auditing the Javascript
> code you are using to do the crypto client-side, can you *really* be
> certain your private half has not travelled to Keybase?

If Javascript running in a browser has access to your GPG secret key
without you explicitly pasting it into the browser, I think you have
larger problems....

-- 
Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>

Reply to:

Follow-Ups:
- Re: keybase.io
  - From: "Paul R. Tagliamonte" <paultag@gmail.com>
- Re: keybase.io
  - From: Gunnar Wolf <gwolf@gwolf.org>

References:
- keybase.io
  - From: Jonathan Dowland <jmtd@debian.org>
- Re: keybase.io
  - From: Luca Filipozzi <lfilipoz@debian.org>
- Re: keybase.io
  - From: Gunnar Wolf <gwolf@gwolf.org>
- Re: keybase.io
  - From: Paul Tagliamonte <paultag@debian.org>
- Re: keybase.io
  - From: Jonathan McDowell <noodles@earth.li>
- Re: keybase.io
  - From: Gunnar Wolf <gwolf@gwolf.org>

Prev by Date: Re: keybase.io
Next by Date: Re: keybase.io
Previous by thread: Re: keybase.io
Next by thread: Re: keybase.io
Index(es):
- Date
- Thread