.@ircri Keybase is in the worst of both worlds, asking you to manage your own keys, but also to upload your private key to the server
-
-
Replying to @bascule
@bascule@ircri can you elaborate on why uploading an encrypted private key is a mortal sin? My arguments are at https://filippo.io/on-keybase-dot-io-and-encrypted-private-key-sharing/ …1 reply 0 retweets 0 likes -
Replying to @FiloSottile
@FiloSottile@ircri I'd suggest checking out this blog post from@matthew_d_green: http://blog.cryptographyengineering.com/2012/04/icloud-who-holds-key.html …1 reply 0 retweets 0 likes -
Replying to @FiloSottile
@FiloSottile@ircri as they even state, if their JS has your private key, they have your private key...1 reply 0 retweets 0 likes -
Replying to @FiloSottile
@FiloSottile@ircri well, I did write a whole blog post about it: http://tonyarcieri.com/whats-wrong-with-webcrypto …2 replies 0 retweets 0 likes
@FiloSottile @ircri that's cool, but doesn't excuse shipping an insecure option
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.