by jcrawfordor 4465 days ago
Keybase seeks to solve the exact problem you just pointed out by connecting PGP keys to established online identities (Twitter, Github, etc.). You could create a Keybase account for Edward Snowden, sure, but his friends wouldn't trust it when they discover that the Twitter account they know to be his hasn't verified the key.

You say that people should start with authentication. That's exactly what Keybase is trying to do. Realize that it's a hard problem. How would you implement it?

1 comment

I acknowledge that there is a positive side to this reputation scheme. It lets Alice ratchet up trust. But Bob has to be able to somehow confirm the attached accounts. Keybase assumes Bob will check this.

1. It assumes that Mallory didn't copy-paste all the content of Alice's bitbucket/alice account into an unclaimed github/alice.

2. It assumes a state actor cannot change the content on GitHub, Twitter, etc. at the moment Bob attempts to validate the associations with Alice's Keybase name.

3. Many Bobs will misplace their trust in the names on Keybase just as they do with GPG WoT (Web-of-Trust) systems, because Bob doesn't really check the assumptions, caveats and things he should before trusting that the key is Alice's.

This name/key anchoring will work for casual users of PGP who are not worried about malicious users clever enough to copy+paste enough content to attempt a Sybil attack. It works for people that are probably already in communication with each other for some time. But it should not be used for someone needing to retain anonymity, or anyone worried about state adversaries, or anyone worried about an "advanced persistent" adversary, or, in the post-Snowden world, anyone wanting to communicate with a journalist.

It's point #3, how people actually use/abuse WoTs like this, that I feel outweighs the narrow positive scenarios. Keybase might be an improvement on absolutely horrific and broken existing WoTs such as http://pgp.mit.edu (I cannot believe this thing is still non-SSL only), and it explores imperfect security, which I am a big fan of. I just think WoTs in general have some other fundamental problems.
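To make the mechanism both comments argue about concrete, here is an added toy model of a Keybase-style identity proof (example code written for this thread, not Keybase's own code or protocol). The real PGP signature is replaced by textbook RSA over two small well-known primes, which is not secure and only stands in for the signature; the services' web pages are a constructed in-memory dictionary; the key names `alice` and `mallory` and the helper names are assumptions of the example. The verifier shows what the proof actually establishes: a copied or replayed proof fails because the signed statement names the key and the account, but a proof that Mallory posts under her own key on an unclaimed github/alice verifies perfectly well, which is exactly point 1 above. The binding is key-to-account; whether that account belongs to the Alice Bob means is outside what the check can tell him, and (point 2) the check is only as trustworthy as whatever `fetch` returns.

```python
# Added example, not Keybase's code: toy identity-proof verification.
# Textbook RSA with tiny primes stands in for the PGP signature; NOT secure.
import hashlib
import json

# Well-known primes, far too small for real use (constructed toy parameters).
P1, P2, P3, E = 1000000007, 998244353, 999999937, 65537


def fingerprint(public):
    """Short identifier for a public key, as a PGP fingerprint would be."""
    n, e = public
    return hashlib.sha256(f"{n}:{e}".encode()).hexdigest()[:16]


def _digest(message: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


class Key:
    """Toy signing key: (n, e) is public, d never leaves the owner."""

    def __init__(self, p: int, q: int, e: int = E):
        self.n, self.e = p * q, e
        self._d = pow(e, -1, (p - 1) * (q - 1))

    @property
    def public(self):
        return (self.n, self.e)

    def sign(self, message: bytes) -> int:
        return pow(_digest(message, self.n), self._d, self.n)


def verify_sig(public, message: bytes, sig: int) -> bool:
    n, e = public
    return pow(sig, e, n) == _digest(message, n)


def make_proof(key: Key, service: str, username: str) -> str:
    """Signed statement the key owner posts on the account being claimed."""
    statement = {"key": fingerprint(key.public), "service": service, "username": username}
    body = json.dumps(statement, sort_keys=True)
    return json.dumps({"statement": body, "sig": key.sign(body.encode())})


def verify_proof(claimed_public, service: str, username: str, fetch):
    """Check the proof posted on service/username against a claimed public key.

    Returns (ok, reason). A True result binds the key to the account and
    nothing more: it says nothing about who is behind that account.
    """
    posted = fetch(service, username)
    if posted is None:
        return False, "no proof posted on the account"
    try:
        proof = json.loads(posted)
        statement = json.loads(proof["statement"])
    except (ValueError, KeyError, TypeError):
        return False, "malformed proof"
    # The statement must name this exact account, or a proof copied from
    # another account would be accepted.
    if (statement.get("service"), statement.get("username")) != (service, username):
        return False, "statement names a different account (replayed proof)"
    # The statement must name the key Bob is checking, not some other key.
    if statement.get("key") != fingerprint(claimed_public):
        return False, "statement names a different key"
    if not verify_sig(claimed_public, proof["statement"].encode(), proof["sig"]):
        return False, "signature does not verify under the claimed key"
    return True, f"key {fingerprint(claimed_public)} controls {service}/{username} (nothing more)"


alice = Key(P1, P2)
mallory = Key(P2, P3)

# Constructed stand-in for the services' pages, keyed by (service, username).
PAGES = {
    ("bitbucket", "alice"): make_proof(alice, "bitbucket", "alice"),
    # Point 1 of the thread: github/alice was unclaimed, Mallory took it and
    # posted a proof for HER key. The proof itself is entirely valid.
    ("github", "alice"): make_proof(mallory, "github", "alice"),
    # Alice's bitbucket proof pasted verbatim onto another account.
    ("twitter", "alice"): make_proof(alice, "bitbucket", "alice"),
}


def fetch(service, username):
    return PAGES.get((service, username))


if __name__ == "__main__":
    for pub, svc in ((alice.public, "bitbucket"), (alice.public, "github"),
                     (mallory.public, "github"), (alice.public, "twitter")):
        print(svc, verify_proof(pub, svc, "alice", fetch))
```

Running it prints one accepted proof for Alice on bitbucket, a rejection of Alice's key on github ("statement names a different key"), an acceptance of Mallory's key on github, and a rejection of the pasted copy on twitter. The two accepted lines are the whole point: the verifier cannot distinguish "Alice's account" from "an account named alice that Mallory controls", so Bob still has to know which github/alice is the one he means.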