My keys expired and Keybase doesn't warn anyone of my followers

[galuszkak]

Long story short.

My key expired some time ago. I can still chat through Keybase Chat and none is even warned that my key expired. What's more stunning is that my messages are shown as Encrypted & Signed & OK!

I maybe little outrage but seriously? What is the point of expiry date of my key if Keybase doesn't even warn my peers/colleagues that they shouldn't trust my key as it is expired!

Second thought is that, how can I use old and new key with Keybase so I won't lost my chat history? Is this even possible? Can I send both proofs for old and new key?

Thanks Kamil

[zapu]

Hello, thank you for using Keybase.

If I understood correctly, you are concerned that while your PGP key attached to your Keybase account has expired, you are still able to communicate using Keybase Chat. However, the PGP key is not used for neither chat nor KBFS (file sharing). I welcome you to read about "device keys" - a more streamlined key model that's feasible for operating on multiple devices assigned to one identity: https://keybase.io/blog/keybase-new-key-model

Also you can review your Keybase sigchain: https://keybase.io/galuszkak/sigchain which contains your device keys and information on how and when they came to be - note that addition of each key has been signed by other key, maintaining your local chain of trust. First device key is even signed by your PGP key.

Let me know if you have any further questions.

[galuszkak]

@zapu not really, my profile and proofs are using PGP key that is expired, and they are portrayed as valid, and they shouldn't be. (see https://keybase.io/galuszkak/ ) If keys expired I would suspect that it warns user on my profile page that my key isn't worth of trust because it's expired.

[obestwalter]

However, the PGP key is not used for neither chat nor KBFS (file sharing).

I wonder why not though. I also thought that the private key I use as the central token to verfiy my identity is somehow the root of trust and if that key is expired or revoked, something should automagically happen to invalidate the keybase sigchain. I just started using keybase yesterday and did not read up that much yet about how it is supposed to work and what I can expect and what not, but your answer @zapu defintely makes me feel that some things don't add up.

[galuszkak]

So @zapu after reading links that You provided, it makes me even more concerned (please read my first replay before this). I was under impression when I was adding devices to Keybase that they are copying my PGP key with QR code or dress matrix (I thought it's something like seed for bitcoin private keys). What I've learned now, it makes me even more confused.

So Keybase generated new keys for me. They are publicly exposed labels of my devices for everyone (thanks for heads up I wasn't aware that now whole internet could know what devices I own). This is really privacy? Not mentioning that Keybase setup expiry dates for those new generated keys to long after my death, without my consent on that.

Guys sorry, but this isn't explained in process enough. I wasn't even aware about half of those things, I was lead to believe that it always work on my one private key. It's not what I want as a user.

[obestwalter]

They are publicly exposed labels of my devices for everyone (thanks for heads up I wasn't aware that now whole internet could know what devices I own).

To be fair: keybase is not about privacy - it is about proving identity.

That's their tag line when you google for it:

Public key crypto for everyone, publicly auditable proofs of identity.

... nothing about privacy there - just the opposite.

[galuszkak]

@obestwalter I disagree. It has motto in Google: "Keybase makes apps for every platform - apps to make chatting, privacy, and crypto easy." See screenshot @obestwalter :

[obestwalter]

Interesting.

Here is mine:

As I understand it, the privacy aspect is about encrypted conversations using your publically auditable proofs of identity.

[galuszkak]

@obestwalter don't get me wrong on that. I understand Your point. I just wouldn't take default names for label devices keys as they are public. Rather than Nexus 7 I would name it whatever_2. It didn't occurred to me that device label will be public available.

[cjb]

For what it's worth, the screen asking for the device name calls it a "public name".

[obestwalter]

I agree - that should be made very clear when user initializes that.

[galuszkak]

@junderw It's this:

uid Kamil Galuszka <galuszkak@gmail.com>
sig  sig3  CF4B9C51 2015-09-06 __________ 2017-09-05 [selfsig]
uid Kamil Galuszka <kamil.galuszka@solution4future.com>
sig  sig3  CF4B9C51 2015-09-06 __________ 2017-09-05 [selfsig]
sub  2048R/73D70DEC 2015-03-05            
sig sbind  CF4B9C51 2015-09-06 __________ 2017-09-05 []

So they expired 5th of September.

[galuszkak]

Hi @zapu,

Let me know if you have any further questions.

Sorry if I over use Your kindness but I still didn't get answer on why Keybase doesn't respect expiration date of my PGP key. Could You be so kind to explain that, why Keybase ignore expiration date, and doesn't warn my followers on profile page that my key is expired and shouldn't be trusted?

[obestwalter]

I just read the article that @zapu linked: https://keybase.io/blog/keybase-new-key-model - my understanding of this is that the "new key model" only uses the pgp key as seed to create a chain with NaCL and paper keys of their own. IIUC the validity of these keys is detached from the validity of the"seed" pgp key.

So you should not let it expire and if you revoke it, you are also responsible to completely trash your chain (reset your keys & start from scratch).

If this is the case, it would be good to explain that much more explicitly in the documentation.

[galuszkak]

Can someone back up @obestwalter findings. Is that really the case, that expiry date of PGP seed key isn't used at all by keybase and it's just never taken into account? Can someone confirm that this is intended behavior? @zapu (sorry if I over use Your kindness in that topic :) )? I do believe that still it's something that I wouldn't like to happen.

[maxtaco]

As long as the key was valid at the time, we consider it a valid signature now. If the PGP key is expired now, we don't allow a signature to be made now. So we definitely do check PGP key expiration, and reject signatures by keys that are currently expired.

But the alternative to the above --- to push user accounts into a broken state on the basis of a ticking and retroactive timebomb --- is a horrible user experience. We'd have users with accounts that worked one day and utterly broken the next. Software that people actually use can't work that way.

Also note, the more we work on keybase, the more against key expiration we've become. Key expiration dates from the old system where you have a PGP key on a floppy drive and you exchange floppy drives with other users. I.e., a system in which no one is really using the technology. Nowadays, with all devices online and connected, the notion of key expiration makes a lot less sense. Also note that PGP key expiration is basically meaningless because you can always push the expiration time forwards! If the bad guy gets your key, he'll just do that. It serves roughly no purpose. The only purpose I can discern is that if your PGP key is on a keyserver somewhere and you don't want to use it anymore but you've lost the private key, then it's a way out, once the expiration time comes. But Keybase's key model is superior, since you can always cancel a lost device with an active sibling device.

Finally, we've come very close to just ignoring PGP key expiration altogether. We haven't done it yet, but we are tempted. PGP key expiration is: (1) preposterously complicated; and (2) underspecified in the RFC. We haven't done so yet, but we've come close as we try to triangulate a policy that accommodates the really whacky keys we've seen in the wild.

[junderw]

Every day I am more and more convinced that Keybase is a much better solution to the key exchange problem then the pgp web of trust.

[galuszkak]

@maxtaco so if I can just make couple of points: A) Expiration key for me makes a lot of sense because if I want to rid of old key (for example I want to rid 2048 bit key in favor of 4096 bit and I want to use expiration date to be visible to understand by others which key I use now.) B) Is there any way I can remove old and new key without losing all builded key trust? Or this is rebuilding whole trust to my devices from ground up? C) But Keybase's key model is superior, since you can always cancel a lost device with an active sibling device. Can I cancel seed PGP key then with one of device keys?

[maxtaco]

@galuszkak, yes, this should definitely work. Try keybase pgp drop from the command line. This doesn't make a PGP revocation, it just signs with your device key that you no longer want to use that PGP key. Feel free to upload a new one in its place.