On Fri, Nov 6, 2015 at 10:33 AM, Lonnie Olson <li...@kittypee.com> wrote:
> On Fri, Nov 6, 2015 at 9:42 AM, Jonathan Duncan > <jonat...@bluesunhosting.com> wrote: > > As I mentioned earlier I sign and pass messages these > > days with keybase.io (using GPG) or sharelock.io. > > Interesting, I haven't heard of sharelock.io before. It's quite > interesting, but since the key is held by the website instead of the > recipient, the message can be intercepted and read by the sharelock.io > operators, or anyone that can successfully intercept the SSL > transaction between recipient and sharelock.io (Corporate SSL > Inspection). > > PGP (including keybase.io) on the other hand uses proper keys held by > sender/recipient. So I guess your choice depends on the sensitivity > of the message and/or the ability of the recipient to use proper keys. > > Indeed, of the two, keybase is definitely more secure. Sharelock has almost no barrier to entry, which makes it a good first step for encouraging people to start using crypto, if, as you say, we can actually trust Sharelock employees. :) /* PLUG: http://plug.org, #utah on irc.freenode.net Unsubscribe: http://plug.org/mailman/options/plug Don't fear the penguin. */