[openstack-dev] Keybase.io invites for OpenStack people (was Re: Key signing at the summit?)

Adam Young ayoung at redhat.com
Mon Nov 10 16:45:56 UTC 2014


On 11/02/2014 07:23 AM, Mark Atwood wrote:
>> I will also try to get more keybase.io invites, for those who want them.
>>   keybase.io is a web service that provides an independently provable
>> binding between your social media and github identities, and your gpg
>> key.
> I have been granted *many* invites from keybase.io for OpenStack
> developers.
>
> I have already sent an invite to everyone who already participated in
> the keysigning party in Hong Kong and in Atlanta.
>
> If anyone else wants an invite, do please approach me at the Summit in
> Paris, or email me.
>
> ..m
>
> --
> Mark Atwood <mark.atwood at hp.com>
> Mark Atwood <me at mark.atwood.name>
Current problem:  CLI requires a conflicting dependency with Fedora 
packages Node.js libraries.  I'll see if I can remove the conflicting files.

I like the idea of Keybase, but remember, it is really easy to do PKI 
wrong.  The cardinal rule of PKI is that the Private Key should never 
leave your machine;  ideally it would never leave a hardware security 
module.  It should certainly not be sent to some remote machine for 
management unless...well, unless you have the whole archival and storage 
story straight.

So, do Keybase, but don't let it manage your private key.  They don't 
really want to, anyway.


