Jonathan McDowell dijo [Fri, Apr 04, 2014 at 10:35:41PM +0100]: > > > To be clear, if I spot any key > > > that's both in any of the Debian keyrings and in keybase.io, I will > > > proceed as if the key had been lost or compromised and immediately > > > remove it from our keyring. > > > > No, sorry. Don't do that. My key is on keybase, but *not the private > > half* > > Likewise. I have signed up to keybase.io largely to kick the tires and > see what I make of it. I will absolutely not be trusting any third party > with the private half of my key on their servers, even if it's > passphrase protected and the crypto carried out at the client side.
Urgh... Well, please enlighten me here: Without fully auditing the Javascript code you are using to do the crypto client-side, can you *really* be certain your private half has not travelled to Keybase? -- To UNSUBSCRIBE, email to debian-project-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140404231813.gf85...@gwolf.org
