[clug] Invites to keybase

Scott Ferguson scott.ferguson.clug at gmail.com
Tue Jul 12 13:38:29 UTC 2016



On 12/07/16 20:46, George at Clug wrote:
>     Own, have you thought about giving a talk about Keybase to the
> CLUG Thursday meeting?
> 
> I never knew of Keybase until you raised to topic.
> 
> What is it?

It's a PKI and an attempt to build a web of trust on our social accounts
and the websites we host. It's a free service built by two of the
co-founders of OKCupid, Chris Coyne and Max Krohn.

> 
> How is it used?

Either through an app, or the cli. It can also be run as a browser
extension (should you wish). There are also python and javascript
(https://keybase.io/kbpgp) libraries.

> 
> Why would yodo you use itu use it?

So you can verify "who" you are. i.e. I don't personally know Chris
Coyne, but I know the identity from various forums. Keybase allows me to
give (limited) trust that messages signed with his key (verified on
Keybase) are actually signed by him (and can only have been signed by
him). The idea is to make identity verification easier for people who
find following a key signing chain difficult to understand using
standard GnuPG.

You can use it to sign or encrypt your emails and other messages, you
can also use it encrypt files on your own devices using keybase fusefs
(https://keybase.io/docs/kbfs). What makes this different to things like
Kleopatra/Dolphin/KDE and mutt/Iceweasel/Thunderbird and GnuPG is that
it's supported by a number of "social" sites (e.g. twitter, hackernews)
and GitHub - the end result should hopefully bring about greater use of
encryption in personal communications.

> 
> Are the any security implications to using it?

Yes, as with any encryption scheme it's only as secure as the OS it's
run on and the meatbags at either end.
The code is Open Source and though not yet formally audited has been/is
being scrutinised by cryptographers.

It's not a panacea for poor OpSec, but it does make digital signature
verification and digital identification easier for those who find
traditional methods too hard. Hopefully it will spur developers to
include it's functionality into websites to that posters can verify
their identity and prove that their posts are unaltered (encryption and
decryption can be done-client side in-browser).

Keybase has been in active development for several years now, but has
only just (about) reached alpha. You'll find more documentation on-site
- and as time progresses. At this point it's might be best to wait until
more features have been added and tested, or your knowledge of
cryptography increases (especially key management) lest you lose access
to data.

> 
> Thanks,
> 
> George.

No need to take my word for it - you could, and should, verify the
information yourself by simply following the link Owen posted
(keybase.io) and doing a little searching and reading on cryptography
forums.



Kind regards


keybase.io/sfitcs
476664FD2736BAA5

> 
> At Monday, 11-07-2016 on 19:31 Owen wrote:
> 
> 
<snipped>
> 

-- 
    A: Because we read from top to bottom, left to right.
    Q: Why should I start my reply below the quoted text?

    A: Because it messes up the order in which people normally read text.
    Q: Why is top-posting such a bad thing?

    A: The lost context.
    Q: What makes top-posted replies harder to read than bottom-posted?

    A: Yes.
    Q: Should I trim down the quoted part of an email to which I'm reply

http://www.idallen.com/topposting.html



More information about the linux mailing list