Re: keybase.io

[Jonathan McDowell]

On Fri, Apr 04, 2014 at 08:15:10PM -0400, Paul Tagliamonte wrote:
> On Sat, Apr 05, 2014 at 12:57:50AM +0100, Jonathan McDowell wrote:
> > 2 separate points to make here (as well as the general point Russ and
> > Paul have followed up with about what do we trust in general running on
> > the same machine as your GPG key).
> 
> Sorry, I wrote that from my phone. My point was this attack vector
> (nonfree code running on the same machine as your OpenPGP key) taken to
> it's absolute extreme (wine, dropboxd) is still *not* grounds for
> automated removal from the keyring.

I'm not disagreeing with that; I was agreeing that if you're going to
argue about one piece of non-free code then where do you draw the line.
What about my network interface firmware? My hard drive firmware? My
BIOS?

With my keyring-maint hat on I back Gunnar and Luca's statements that
people should not be uploading the private part of their keys used for
Debian work to the keybase website, and if I am made aware of any
private keys in the Debian keyring that are on the site I will treat
them as potentially compromised.

I am not saying you shouldn't try the keybase website on the same
machine as the key lives on, or examine the keybase CLI client, or run
the GPG commands manually. At present I have no firm opinion about these
actions.

> Furthermore, the way *I* set up Keybase was to run the GnuPG commands
> they requested (clearsigning and decrypting), since they looked safe and
> sane (and paste the results back in a form.

I had not noticed that was an option. I've also examined these commands,
decided they looked sane and pasted the output back into the form.

> > Firstly, there are 2 parts to the client side code from keybase.io, as
> > far as I'm aware[0]. The first is they have an in browser implementation
> > which requires your GPG private key to be stored on their server, but
> > has it passphrase encrypted and all of the actual use of the key is
> > through client side browser Javascript. The second is they have a
> > node.js based CLI tool which runs on your personal machine and uses a
> > key stored locally. This actually calls out to GPG to do the crypto.
> 
> Thirdly, you can run raw (sane and short) GnuPG commands by hand in the
> terminal, pasting results back.

I hadn't noticed this was an option; thank you for making me aware of
it.

> > The former I think is a bad idea (because it definitely involves
> > giving keybase the private part of the key). The latter on the face
> > of it sounds acceptable (as long as there's no part of the code that
> > is directly manipulating the key or potentially sending it off
> > machine) and doesn't seem to have any greater issue than anything
> > else that might use a GPG installation.
> > 
> > With regards to my particularly situation I have not used the
> > keybase website from any machine that also has my private GPG
> > available to it.
> 
> I have, and I seriously doubt my key has been taken.

I agree,  I don't think the code is going to maliciously try and steal
my key, it just happens that the machines I run browsers on don't have
access to my key by default.

J.

-- 
Web [   And you can't help my life. But you can hide the knives.   ]
site: http:// [  ]   Made by
www.earth.li/~noodles/  [  ] HuggieTag 0.0.24


signature.asc
Description: Digital signature

Re: keybase.io

[Paul Tagliamonte]

On Fri, Apr 04, 2014 at 08:56:50PM -0600, Gunnar Wolf wrote:
> Right. However, I guess that most uses of the app (other than sending
> a message saying "yes I'm here, this is me") will require pasting the
> key. Or not? Keybase users, please enlighten me: What do you do with
> it besides just existing on teh graph?

I'm not a keybase user; actually, oddly enough, I'm a bit of a critic
(or rather, 1990s linux user) with my friends about it (RE: private half
usage), so I've not been able to use all of it's features - I just think
Keybase was getting a bad rap.

Being on the graph is why I'm on it - so that people who do use the
keybase CLI can talk about "me" (or rather: my Key) by the abstract (and
easy to remember name) 'paultag'.

That's about as far as it goes for me, so I don't know much more, but
I wouldn't dismiss the graph as a trivial thing.

A strong network effect in the OpenPGP world is nothing but great for
us, again, even if this site isn't technically perfect (which I don't
think anyone is claiming)


Cheers,
  Paul

-- 
 .''`.  Paul Tagliamonte   |   Proud Debian Developer
: :'  : 4096R / 8F04 9AD8 2C92 066C 7352  D28A 7B58 5B30 807C 2A87
`. `'`  http://people.debian.org/~paultag
 `- http://people.debian.org/~paultag/conduct-statement.txt


signature.asc
Description: Digital signature

Re: keybase.io

[Gunnar Wolf]

Russ Allbery dijo [Fri, Apr 04, 2014 at 04:23:03PM -0700]:
> > Well, please enlighten me here: Without fully auditing the Javascript
> > code you are using to do the crypto client-side, can you *really* be
> > certain your private half has not travelled to Keybase?
> 
> If Javascript running in a browser has access to your GPG secret key
> without you explicitly pasting it into the browser, I think you have
> larger problems

Right. However, I guess that most uses of the app (other than sending
a message saying "yes I'm here, this is me") will require pasting the
key. Or not? Keybase users, please enlighten me: What do you do with
it besides just existing on teh graph?


-- 
To UNSUBSCRIBE, email to debian-project-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/20140405025649.gb86...@gwolf.org

Re: keybase.io

[Paul Tagliamonte]

On Sat, Apr 05, 2014 at 12:57:50AM +0100, Jonathan McDowell wrote:
> 2 separate points to make here (as well as the general point Russ and
> Paul have followed up with about what do we trust in general running on
> the same machine as your GPG key).

Sorry, I wrote that from my phone. My point was this attack vector
(nonfree code running on the same machine as your OpenPGP key) taken to
it's absolute extreme (wine, dropboxd) is still *not* grounds for
automated removal from the keyring.

Furthermore, the way *I* set up Keybase was to run the GnuPG commands
they requested (clearsigning and decrypting), since they looked safe and
sane (and paste the results back in a form.

> Firstly, there are 2 parts to the client side code from keybase.io, as
> far as I'm aware[0]. The first is they have an in browser implementation
> which requires your GPG private key to be stored on their server, but
> has it passphrase encrypted and all of the actual use of the key is
> through client side browser Javascript. The second is they have a
> node.js based CLI tool which runs on your personal machine and uses a
> key stored locally. This actually calls out to GPG to do the crypto.

Thirdly, you can run raw (sane and short) GnuPG commands by hand in the
terminal, pasting results back.

> The
> former I think is a bad idea (because it definitely involves giving
> keybase the private part of the key). The latter on the face of it
> sounds acceptable (as long as there's no part of the code that is
> directly manipulating the key or potentially sending it off machine) and
> doesn't seem to have any greater issue than anything else that might use
> a GPG installation.
> 
> With regards to my particularly situation I have not used the keybase
> website from any machine that also has my private GPG available to it.

I have, and I seriously doubt my key has been taken.

> This is largely a factor of the way I treat my key rather than any
> special precaution I have taken around keybase. Once I get my head
> around the horror of the keybase CLI client being npm tentacles and
> pulling in a bunch of random stuff that I'm not sure I fully trust I
> will examine that set of code to convince myself that it's not going to
> leak my key anywhere and potentially try it out.

Aye. That half is Freely licensed, I believe.

https://github.com/keybase/node-client


Audits welcome, I'd very much like to be able to trust it.


Cheers,
  Paul


-- 
 .''`.  Paul Tagliamonte   |   Proud Debian Developer
: :'  : 4096R / 8F04 9AD8 2C92 066C 7352  D28A 7B58 5B30 807C 2A87
`. `'`  http://people.debian.org/~paultag
 `- http://people.debian.org/~paultag/conduct-statement.txt


signature.asc
Description: Digital signature

Re: keybase.io

[Jonathan McDowell]

[I trimmed the To down to -project because I think everyone on the CC is
 reading that; I certainly am so no need to explicitly CC me.]

On Fri, Apr 04, 2014 at 05:18:13PM -0600, Gunnar Wolf wrote:
> Jonathan McDowell dijo [Fri, Apr 04, 2014 at 10:35:41PM +0100]:
> > > > To be clear, if I spot any key
> > > > that's both in any of the Debian keyrings and in keybase.io, I will
> > > > proceed as if the key had been lost or compromised and immediately
> > > > remove it from our keyring.
> > > 
> > > No, sorry. Don't do that. My key is on keybase, but *not the private
> > > half*
> > 
> > Likewise. I have signed up to keybase.io largely to kick the tires and
> > see what I make of it. I will absolutely not be trusting any third party
> > with the private half of my key on their servers, even if it's
> > passphrase protected and the crypto carried out at the client side.
> 
> Urgh...
> 
> Well, please enlighten me here: Without fully auditing the Javascript
> code you are using to do the crypto client-side, can you *really* be
> certain your private half has not travelled to Keybase?

2 separate points to make here (as well as the general point Russ and
Paul have followed up with about what do we trust in general running on
the same machine as your GPG key).

Firstly, there are 2 parts to the client side code from keybase.io, as
far as I'm aware[0]. The first is they have an in browser implementation
which requires your GPG private key to be stored on their server, but
has it passphrase encrypted and all of the actual use of the key is
through client side browser Javascript. The second is they have a
node.js based CLI tool which runs on your personal machine and uses a
key stored locally. This actually calls out to GPG to do the crypto. The
former I think is a bad idea (because it definitely involves giving
keybase the private part of the key). The latter on the face of it
sounds acceptable (as long as there's no part of the code that is
directly manipulating the key or potentially sending it off machine) and
doesn't seem to have any greater issue than anything else that might use
a GPG installation.

With regards to my particularly situation I have not used the keybase
website from any machine that also has my private GPG available to it.
This is largely a factor of the way I treat my key rather than any
special precaution I have taken around keybase. Once I get my head
around the horror of the keybase CLI client being npm tentacles and
pulling in a bunch of random stuff that I'm not sure I fully trust I
will examine that set of code to convince myself that it's not going to
leak my key anywhere and potentially try it out.

J.

[0] I may be wrong about these and welcome corrections; I have not yet
delved into the details of the service and its implementation.

-- 
   Evil will always triumph over   |  .''`.  Debian GNU/Linux Developer
Good, because Good is dumb.| : :' :  Happy to accept PGP signed
   | `. `'   or encrypted mail - RSA
   |   `-key on the keyservers.


signature.asc
Description: Digital signature

Re: keybase.io

[Paul R. Tagliamonte]

+1 russ.

This is true of the dropbox daemon too. Are we to throw out DDs with
dropboxd installed? Wine?
On Apr 4, 2014 7:23 PM, "Russ Allbery"  wrote:

> Gunnar Wolf  writes:
>
> > Urgh...
>
> > Well, please enlighten me here: Without fully auditing the Javascript
> > code you are using to do the crypto client-side, can you *really* be
> > certain your private half has not travelled to Keybase?
>
> If Javascript running in a browser has access to your GPG secret key
> without you explicitly pasting it into the browser, I think you have
> larger problems
>
> --
> Russ Allbery (r...@debian.org)   
>
>
> --
> To UNSUBSCRIBE, email to debian-project-requ...@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact
> listmas...@lists.debian.org
> Archive: https://lists.debian.org/87d2gw4r3c@windlord.stanford.edu
>
>

Re: keybase.io

[Russ Allbery]

Gunnar Wolf  writes:

> Urgh...

> Well, please enlighten me here: Without fully auditing the Javascript
> code you are using to do the crypto client-side, can you *really* be
> certain your private half has not travelled to Keybase?

If Javascript running in a browser has access to your GPG secret key
without you explicitly pasting it into the browser, I think you have
larger problems

-- 
Russ Allbery (r...@debian.org)   


-- 
To UNSUBSCRIBE, email to debian-project-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/87d2gw4r3c@windlord.stanford.edu

Re: keybase.io

[Gunnar Wolf]

Jonathan McDowell dijo [Fri, Apr 04, 2014 at 10:35:41PM +0100]:
> > > To be clear, if I spot any key
> > > that's both in any of the Debian keyrings and in keybase.io, I will
> > > proceed as if the key had been lost or compromised and immediately
> > > remove it from our keyring.
> > 
> > No, sorry. Don't do that. My key is on keybase, but *not the private
> > half*
> 
> Likewise. I have signed up to keybase.io largely to kick the tires and
> see what I make of it. I will absolutely not be trusting any third party
> with the private half of my key on their servers, even if it's
> passphrase protected and the crypto carried out at the client side.

Urgh...

Well, please enlighten me here: Without fully auditing the Javascript
code you are using to do the crypto client-side, can you *really* be
certain your private half has not travelled to Keybase?


-- 
To UNSUBSCRIBE, email to debian-project-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/20140404231813.gf85...@gwolf.org

Re: keybase.io

[Jonathan McDowell]

On Fri, Apr 04, 2014 at 05:26:40PM -0400, Paul Tagliamonte wrote:
> On Fri, Apr 04, 2014 at 03:24:27PM -0600, Gunnar Wolf wrote:
> > Right, I strongly agree with Luca here.
> 
> I do too

Likewise.

> > To be clear, if I spot any key
> > that's both in any of the Debian keyrings and in keybase.io, I will
> > proceed as if the key had been lost or compromised and immediately
> > remove it from our keyring.
> 
> No, sorry. Don't do that. My key is on keybase, but *not the private
> half*

Likewise. I have signed up to keybase.io largely to kick the tires and
see what I make of it. I will absolutely not be trusting any third party
with the private half of my key on their servers, even if it's
passphrase protected and the crypto carried out at the client side.

J.

-- 
Revd Jonathan McDowell, ULC | You non-conformists are all alike.


signature.asc
Description: Digital signature

Re: keybase.io

[Gunnar Wolf]

Jonathan Dowland dijo [Fri, Apr 04, 2014 at 02:50:01PM +0100]:
> keybase.io is a thing. This thing lets you, amongst other things, upload a 
> copy
> of your PGP private key to their servers. This is client-side encrypted.
> 
> Discuss.

As this thread was started at debian-private, I sent some of my
replies there. But given Jonathan has moved this (thanks!) to a public
list, I'll just copy my mail answering to him (along with his quoted
text):

Jonathan Dowland dijo [Thu, Apr 03, 2014 at 05:23:31PM +0100]:
> Sure! I'll try.

Thanks a lot for your lengthy and interesting explanation!

> I think, what they are trying to do, is widen the base of people using PGP by
> providing tools to do so in browsers. I.e. lowering the barrier of
> entry.

Right. This very first point is what makes me curious. I have been
interested in finding user-friendly tools to manage encryption (and
its different properties). Sadly, as the tools get better, I get
further away from understanding what does a "regular" user want as a
user experience. So my input on the field is less and less relevant
;-)

> (...)
> You can also associate yourself with twitter, github and
> your own personal website. For each method, you use the keybase client to
> generate some kind of challenge that proves you hold the PGP key that is
> associated with your keybase.io account, and post that challenge on the site:
> (...)
> Within keybase, you can 'track' people, which is a bit like following in a
> social network, but establishes a cryptographic relationship. I've followed a
> few folks so far.

Right. So I'll now exhibit my ignorance on current day social habits.

I understand people following each other on message-posting services,
such as Twitter — If you are interested in what I say, you follow
me. Or some models (FB) require relations to be bidirectional. But
what is "following" in the context of jmtd.net? (I even struggle to
understand social media on Github... I am interested in projects, not
in people!) Being me a non-social-networkee, how would I interact with
keybase, without caring for the people I supposedly "follow"?

Or, OTOH, I understand this idenitifed your Twitter personna. Now, do
you encrypt your tweets? Sign them? How much longer are your Twitter
messages when you append a GPG-like signature to them?

> There's a keybase command-line client with which you can perform all of the
> above operations. There is also a bunch of stuff in their website, which I
> can't really use because I haven't uploaded my private key. (When I have time 
> I
> will generate a new test key and upload that, replacing my real one - and
> breaking the auth of the twitter,github etc.)

Right. What I like so far about this client is that it is *way* more
natural (again, for users) than gnupg. And, of course, I expect
different GUIs to follow. That can be interesting.

Now, maybe this tool could be augmented with intelligence on how to
relay a message in the best route possible. I mean, I see you can
"keybase encrypt jmtd -m 'a secret msg'". What does this give you? A
message ready to cut+paste in your favorite form? Or does it get sent
via the best possible route to jmtd? Say, maybe I can only establish a
trusted path to your account via Twitter, then 'a secret msg' gets
posted as three public jibberishy messages on Twitter (and only jmtd
can decrypt them). Or does this tool just give you a gpg-signed text
to cut+paste to your mail?

> The keybase web client supports signing, verifying, encrypting and decrypting
> messages to each other, via your PGP key. The process is done client side, and
> the key is crypted client side (aat least they say so. I haven't investigated
> properly), but the encrypted privkey is stored server side.

Right. It is all done client side, but... Why does it have to store
your private key server-side?


signature.asc
Description: Digital signature

Re: keybase.io

[Paul Tagliamonte]

On Fri, Apr 04, 2014 at 03:24:27PM -0600, Gunnar Wolf wrote:
> Right, I strongly agree with Luca here.

I do too

> To be clear, if I spot any key
> that's both in any of the Debian keyrings and in keybase.io, I will
> proceed as if the key had been lost or compromised and immediately
> remove it from our keyring.

No, sorry. Don't do that. My key is on keybase, but *not the private
half*

It helps my friends that are getting to know OpenPGP find my key, and it
*can* be done without having the private half in there, which is the
only problem.

Thanks,
  Paul

-- 
 .''`.  Paul Tagliamonte   |   Proud Debian Developer
: :'  : 4096R / 8F04 9AD8 2C92 066C 7352  D28A 7B58 5B30 807C 2A87
`. `'`  http://people.debian.org/~paultag
 `- http://people.debian.org/~paultag/conduct-statement.txt


signature.asc
Description: Digital signature

Re: keybase.io

[Gunnar Wolf]

Luca Filipozzi dijo [Fri, Apr 04, 2014 at 02:02:09PM +]:
> FWIU, the client-side encryption is javascript provided by the service so
> modifiable by the service at will and able to capture/transmit passphrase.
> 
> DDs interested in this experimenting with this service are encouraged to NOT
> upload the PGP private key that is registered in the Debian Keyring.
> 
> If you sign up for the beta and receive an invitation, please consider
> generating a new, independent PGP keypair for use with this service.

Right, I strongly agree with Luca here. To be clear, if I spot any key
that's both in any of the Debian keyrings and in keybase.io, I will
proceed as if the key had been lost or compromised and immediately
remove it from our keyring.

Not that I will be checking for it (for now, at least). Not that I
have even talked about it within the team. But I strongly think it's
one of the duties of us as keyring maintainers. (Cc:ing for a reality
check ;-) )


signature.asc
Description: Digital signature

Re: keybase.io

[Tobias Frost]

Am Freitag, den 04.04.2014, 16:33 +0200 schrieb Tobias Frost:
>  
> Also, some reading suggestion:
> https://github.com/keybase/keybase-issues/issues/489

Sorry, just realized this I pasted the wrong link.
I meant this one:

http://blog.lrdesign.com/2014/03/thoughts-on-keybase-io/


--
To UNSUBSCRIBE, email to debian-project-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
https://lists.debian.org/1396624173.4155.10.ca...@ithilien.loewenhoehle.ip

Re: keybase.io

[Paul Tagliamonte]

On Fri, Apr 04, 2014 at 04:33:18PM +0200, Tobias Frost wrote:
> Well, this "thing" raises several red flags just by reading "upload ...
> private key". This alone smells very wrong, because I'm the opinion a
> private key must never leave my (trusted) system) 

More than that, it's good practice to never let the private half leave
an offline machine, and use that offline high-entropy machine issue
signing subkeys which you can take with you on your other machines.

I'm not doing this, but it's good practice (and I should start once I
can be bothered to generate new keys)

Cheers,
  Paul

-- 
 .''`.  Paul Tagliamonte   |   Proud Debian Developer
: :'  : 4096R / 8F04 9AD8 2C92 066C 7352  D28A 7B58 5B30 807C 2A87
`. `'`  http://people.debian.org/~paultag
 `- http://people.debian.org/~paultag/conduct-statement.txt


signature.asc
Description: Digital signature

Re: keybase.io

[Tobias Frost]

Am Freitag, den 04.04.2014, 14:50 +0100 schrieb Jonathan Dowland:
> keybase.io is a thing. This thing lets you, amongst other things, upload a 
> copy
> of your PGP private key to their servers. This is client-side encrypted.
> 
> Discuss.

Well, this "thing" raises several red flags just by reading "upload ...
private key". This alone smells very wrong, because I'm the opinion a
private key must never leave my (trusted) system) 

Reading a little about it, e.g the issue tracker, they *require* the
passphrase when you upload the key [1]. With that it is completly out of
your control, and if it is client-side-encrypted, for what they need the
passphrase in the first place? This makes only sense if they need to
access the private key sometime, and then the client-side encryption is
snake oil (and you never now if your should be better be recoveked)
 
Also, some reading suggestion:
https://github.com/keybase/keybase-issues/issues/489

Disclaimer: Just reading informations, did not try out smth to confirm
the info) 

[1] https://github.com/keybase/keybase-issues/issues/489


--
To UNSUBSCRIBE, email to debian-project-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
https://lists.debian.org/1396621998.4155.8.ca...@ithilien.loewenhoehle.ip

Re: keybase.io

[Luca Filipozzi]

On Fri, Apr 04, 2014 at 02:50:01PM +0100, Jonathan Dowland wrote:
> keybase.io is a thing. This thing lets you, amongst other things, upload a
> copy of your PGP private key to their servers. This is client-side encrypted.
> 
> Discuss.

FWIU, the client-side encryption is javascript provided by the service so
modifiable by the service at will and able to capture/transmit passphrase.

DDs interested in this experimenting with this service are encouraged to NOT
upload the PGP private key that is registered in the Debian Keyring.

If you sign up for the beta and receive an invitation, please consider
generating a new, independent PGP keypair for use with this service.

For the Debian System Administration Team,

Luca

-- 
Luca Filipozzi
http://www.crowdrise.com/SupportDebian


signature.asc
Description: Digital signature

keybase.io

[Jonathan Dowland]

keybase.io is a thing. This thing lets you, amongst other things, upload a copy
of your PGP private key to their servers. This is client-side encrypted.

Discuss.


-- 
To UNSUBSCRIBE, email to debian-project-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/20140404135001.ga14...@bryant.redmars.org