> And I will, as seems to be *my* role here, recommend checking out > keybase.io, which you can use without trusting, and provides what smells to > me like extremely practical probabilistic key<=>person mapping confidence.
Keybase is about as good as you can get with a centralized system. However, it creates an system that ends up being not very user friendly (especially when it comes to replacing lost or stolen keys). It's also a central point of failure. And, for whatever reason, they replace personal everyone's email with their own @keybase.io email address, so your emails all go through their servers. As a centralized platform, I won't be surprised to see more of these walled-garden lock-in type things. For secure communications systems, I prefer systems that no entity has a monopoly over, without central authorities or points of failure. They're more robust and less prone to tampering. The 51% attack is the worse that can happen with the blockchain, and it amounts only to censorship. The worst that can happen with a central authority, on the other hand, is total compromise. Cheers, Greg (i'm greg in the namecoin blockchain, but I prefer, eventually, to be [email protected] when that's figured out). -- Please do not email me anything that you are not comfortable also sharing with the NSA. On Nov 18, 2014, at 11:42 AM, Tim Bray <[email protected]> wrote: > On Tue, Nov 18, 2014 at 11:27 AM, Tao Effect <[email protected]> wrote: >> Cracking the usable key verification problem. This move brings WhatsApp to >> the same level of security as iMessage (or better, given the forward >> security), but WhatsApp/Facebook could still do a switcheroo on people's >> keys. TextSecure never really figured this out IMO - it still expects people >> to manually compare long strings of hex. > > > I will, as seems to be my role here, recommend the blockchain and a system > like DNSChain for solving this problem. :-) > > And I will, as seems to be *my* role here, recommend checking out > keybase.io, which you can use without trusting, and provides what smells to > me like extremely practical probabilistic key<=>person mapping confidence. > > - Tim Bray (If you’d like to send me a private message, see > https://keybase.io/timbray)
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ Messaging mailing list [email protected] https://moderncrypto.org/mailman/listinfo/messaging
