[clug] Invites to keybase
mike.carden at gmail.com
Mon Aug 8 08:16:30 UTC 2016
A tad off-topic I know, but this discussion of public and private keys has
called to mind a thing that I have recently discovered about public keys.
If you have a github account and have uploaded any public keys there,
github makes them available to anyone via:
You can get mine from https://github.com/mcarden.keys
Why is this useful? It's useful because if I am collaborating with someone
and want that person to be able to access a machine under my control, I can
curl https://github.com/username.keys >> ~/.ssh/authorized_keys
... and that person can ssh into my machine seamlessly.
Or I can ask someone to do the same for me. The Internet, it works!
On Mon, Aug 8, 2016 at 5:50 PM, Scott Ferguson <
scott.ferguson.clug at gmail.com> wrote:
> On 05/08/16 23:18, Ambrose Andrews wrote:
> > On 05/08/16 21:51, Scott Ferguson wrote:
> >> I also have some unused invites if anyone wants. You will need to be
> >> able to (loosely) verify your identity - with a website you own/control,
> >> or a social account e.g. twitter.
> >> If you need more information about keybase.io, there's plenty of
> >> documentation on the site. It is not recommended to use for high
> >> security encryption (your private key is under their control), but it's
> >> useful for a large number of other uses.
> > You can set it up so your private key isn't under their control.
> Thanks for the tip!
> Though I'd investigated triplesec (I trust it to the same degree I trust
> the general use GPG key I use for keybase) I hadn't noticed that I could
> avoid pushing my private key to keybase.
> > I have my public key up on the page and use local software to do any
> > decryption / signing.
> > from me without any compromise required on my part.
> I don't "believe" the risk is too great, though I *disagree* with
> that it's the same (reversing triplesec) as reverse engineering my
> private key (not even close, by many factors).
> Ideally people should assign a low security rating to their keybase
> registered key pair - whether they've pushed their private key up to
> keybase or not. IMO good security requires compartmentalisation (there
> is no one-size-secures-all-solution) - if high security (long term) is
> required then a special keypair should be generated for that use. i.e.
> if someone uses my public public key to contact me and wants to secure
> communication that I rate as "highly secret for the long term" I'll
> negotiate the use of a new set of keys - preferably on a non-general use
> My only requirements for encryption are:- to ensure intergrity;
> short-term secrecy of proprietary business information. Others may have
> different use cases.
> I still have plenty of keybase invites left if anyone else wants one.
> > -AA.
> Kind regards
> A: Because we read from top to bottom, left to right.
> Q: Why should I start my reply below the quoted text?
> A: Because it messes up the order in which people normally read text.
> Q: Why is top-posting such a bad thing?
> A: The lost context.
> Q: What makes top-posted replies harder to read than bottom-posted?
> A: Yes.
> Q: Should I trim down the quoted part of an email to which I'm reply
> linux mailing list
> linux at lists.samba.org
More information about the linux