Houston, we have a problem

Stefan Claas stefan.claas at posteo.de
Tue Sep 26 16:25:21 CEST 2017


On Tue, 26 Sep 2017 15:14:38 +0200, Kristian Fiskerstrand wrote:
> On 09/26/2017 03:05 PM, Stefan Claas wrote:
> > I'm no expert like all you guys, but my dream would be if Werner
> > and his team could
> > work together with the keybase team, so that we could have WKD
> > support for keybase.  
> 
> WKD is a good step in providing a mechanism for key discovery, but if
> automatically considering such keys valid (either directly or through
> TOFU-model) you reduce the security to security of X.509 root
> certificate PKIX, which many users trusts implicitly already so it is
> a good simplification in many cases. That said I fail to see where
> keybase comes into the picture, maybe you can elaborate a bit on that?
> 
Well, i can't fetch keys from keybase with GnuPG in the command line
like i can do with traditional key servers. On keybase i am in full
control of my pub key, so that nobody can add there unwanted
signatures or a fake "sig3" to my pub key. I could not test WKD yet,
but believe that the same rule applies there too, with protecting
my pub key. If both, WKD and keybase could work as one unit
GnuPG power users could fetch keys via CLI, as usual, or via their
client software and users had the ability too to check also the keybase
Web Interface for additional infos about a user, if they like to do so.

keybase current stats:

Keys: 763,642
Humans: 180,431
Teams: 8,652 (new!)

The figures should not be underestimated imho because i believe
that keybase helps also the grow of GnuPG and is a nice addition for
GnuPG users, me thinks.

Regards
Stefan




-- 
https://www.behance.net/futagoza
https://keybase.io/stefan_claas



More information about the Gnupg-users mailing list