[clug] Invites to keybase
Scott Ferguson
scott.ferguson.clug at gmail.com
Mon Aug 8 07:50:44 UTC 2016
On 05/08/16 23:18, Ambrose Andrews wrote:
> On 05/08/16 21:51, Scott Ferguson wrote:
>> I also have some unused invites if anyone wants. You will need to be
>> able to (loosely) verify your identity - with a website you own/control,
>> or a social account e.g. twitter.
>>
>> If you need more information about keybase.io, there's plenty of
>> documentation on the site. It is not recommended to use for high
>> security encryption (your private key is under their control), but it's
>> useful for a large number of other uses.
>>
>
> You can set it up so your private key isn't under their control.
Thanks for the tip!
Though I'd investigated triplesec (I trust it to the same degree I trust
the general use GPG key I use for keybase) I hadn't noticed that I could
avoid pushing my private key to keybase.
>
> I have my public key up on the page and use local software to do any
> decryption / signing.
>
> Others can still use the javascript interface to encrypt to or verify
> from me without any compromise required on my part.
I don't "believe" the risk is too great, though I *disagree* with
https://blog.filippo.io/on-keybase-dot-io-and-encrypted-private-key-sharing/
that it's the same (reversing triplesec) as reverse engineering my
private key (not even close, by many factors).

Ideally people should assign a low security rating to their keybase
registered key pair - whether they've pushed their private key up to
keybase or not. IMO good security requires compartmentalisation (there
is no one-size-secures-all-solution) - if high security (long term) is
required then a special keypair should be generated for that use. i.e.
if someone uses my public key to contact me and wants to secure
communication that I rate as "highly secret for the long term" I'll
negotiate the use of a new set of keys - preferably on a non-general use
computer.

My only requirements for encryption are:- to ensure integrity;
short-term secrecy of proprietary business information. Others may have
different use cases.

I still have plenty of keybase invites left if anyone else wants one.
>
> -AA.
>
>
>
Kind regards
--
A: Because we read from top to bottom, left to right.
Q: Why should I start my reply below the quoted text?
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: The lost context.
Q: What makes top-posted replies harder to read than bottom-posted?
A: Yes.
Q: Should I trim down the quoted part of an email to which I'm reply
http://www.idallen.com/topposting.html