[staktrace]

Most people don't do what you are doing with PGP. In other words you are not in the demographic they are targeting. For their target demographic (people who don't use crypto, or use it poorly), what they are doing is much better than what the people have now.

[simias]

How so? I don't really get the point of these device keys to be honest.

If anything it seems more complicated than what I'm proposing. People who don't use crypto will probably let keybase manage their private keys (at least at first) so this could be handled transparently.

I mean, you could turn it the other way around. If this system is confusing and unintuitive for somebody like me who is familiar with the details of asymmetric cryptography, how are less technical users supposed to figure it out and understand the trust model?

I doubt the average person on the street would understand what https://keybase.io/travisby/graph means.

[staktrace]

The point of the device keys is that you don't need a PGP key at all. PGP and carrying around a master key securely everywhere is unnecessarily complex for most people. I don't use PGP at all, but I can still use keybase to do encryption/decryption seamlessly across multiple devices which is great.

[tscs37]

The point of a device key is that you can revoke such a key in the event it gets lost and not have people accidentally use it to send you secrets (assuming they use keybase online / are up to date )

[simias]

But you could do this even if those keys were encrypted with the master PGP key.

I don't have any issues with using sub-keys, it's a very good idea actually, for the reason you mention. I just wish I had the option to tell keybase "never store those keys in cleartext, always encrypt them with the master key". Then it would ask be to decrypt the keys on startup and everybody would be happy (well, at least I would be).