[lkowalcz]

Well I can audit the source code of my client and be assured that it will only rekey when it sees proof (posted via twitter) that the person the data was encrypted for has joined.

Keybase doesn't have my private key (only I do), so they can't re-encrypt the contents.

(sorry if I misunderstood your question)

[zanny]

Cross device usability suffers, then. Credential locked keyfiles stored server side could be served to end users without revealing the key to the server - you would still need to input the credential locally to open the keyring, but then you could just login to a client rather than having to copy public keys around by file.

I imagine the later isn't impossibly complex, but would require slick engineering to get over the barrier of expectations most people have.