[openstack-dev] [all] Key signing at the summit?

Clint Byrum clint at fewbar.com
Tue Nov 11 15:38:07 UTC 2014


Excerpts from Jeremy Stanley's message of 2014-11-11 06:31:57 -0800:
> On 2014-11-10 23:55:59 -0500 (-0500), Adam Young wrote:
> > Um, yeah. What Zigo said.
> 
> Agreed. I tried out keybase.io (but not the insane private key
> hosting obviously), was unimpressed and have since deleted my
> account. I'll acknowledge that as someone who already doesn't use
> social media and considers it a blight on the Internet as a whole, I
> was likely not their target audience anyway.
> 

It's sort of odd that you think bringing the same capability we have
had for decades with IRC to web users is a blight on the internet. ;)
The blight is the people being stupid, not the technology in use.

> I respect that they're trying to bring OpenPGP and
> cryptocommunication in general to a wider audience, but sort of
> thought the crypto community had already learned the "trust us with
> your private key" lesson during the Hushmail incident of 2007. I
> fear keybase.io is doomed to repeat that unfortunate bit of history.
> 

Yeah, storing private keys is the dumb part.

> For anyone who wants to find my public key, it's already in the SKS
> pool and replicated to most other popular keyserver networks replete
> with accumulated signatures.

They're simply trying to close the loop between the identification
process most internet users have now (social networking) and OpenPGP keys.
However, I think alienating those who understand it by storing private
keys is not a winning strategy.


