Open wbolster opened 9 years ago
What happens if you go to the Web site, and click the "try again" feature next to the failed proof?
On Tue, Jul 28, 2015 at 9:22 AM, Wouter Bolsterlee <notifications@github.com> wrote:
Keybase sends me mails about my web identity being broken, while the well-known file is valid and accessible.
Running keybase prove web again claims there's already an ownership claim, and any attempt to overwrite it results in an error that a "live proof (...) already exists".
$ keybase prove web https://wouter.bolsterl.ee
You already have claimed ownership of https://wouter.bolsterl.ee; overwrite? [y/N] y
warn: You'll be asked to post a file available at
warn: https://wouter.bolsterl.ee/.well-known/keybase.txt
warn: or https://wouter.bolsterl.ee/keybase.txt
Proceed? [y/N] y
...
error: A live proof for https://wouter.bolsterl.ee already exists (error #230)
Is this a Keybase issue? If not, what should I do to fix this?
— Reply to this email directly or view it on GitHub https://github.com/keybase/keybase-issues/issues/1711.
Hmm, could it be that Keybase does not "survive" moving the file from the top location into the .well-known/ subdir? I just revoked the original signature, and created a new one which I posted into .well-known/... Afterwards it seems to be working again; see https://keybase.io/wbolster.
@maxtaco It keeps failing when I ask to try again via the web interface.
Yeah, once it's found in one location, our proof-checker won't switch to searching in the other location, so currently we ask that you just reprove (as you did).
On Tue, Jul 28, 2015 at 9:26 AM, Wouter Bolsterlee <notifications@github.com> wrote:
Hmm, could it be that Keybase does not "survive" moving the file from the top location into the .well-known/ subdir? I just revoked the original signature, and created a new one which I posted into .well-known/... and now it seems to be working again; see https://keybase.io/wbolster.
Okay, then the source of the problem has been identified. May I suggest adding a sentence to the notification mail, e.g. "Note that you need to reprove your web identity if you want to change the location of the signature file."
Keybase has no way to know that you moved the proof. It will look where it was told to look during the proof process. After that, if checking the proof when the proof-file has been moved, all the "client" knows is that it's not found. When trying to redo the proof, the client sees an existing proof, validity unimportant, and refuses to create a new proof. The proving process isn't looking for validity of the old proof, just that it's already registered. Adding more checks, workarounds or overrides would likely open the process to various attacks. I'm not a security expert, but I can think of a good spoof just by blocking the old location and forcing a re-proof, from a different keybase account, to a new location under my control. I'm sure the black-hats can invent many more than I can.
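A minimal model of the behaviour described in this thread, added here as an example and not Keybase's code: the checker pins whichever location matched at proof time, and the "live proof" guard only looks at registration, not validity. The class and function names, the signature strings and the in-memory stand-in for the web host are assumptions.

```python
# Simplified model of the thread's behaviour; not Keybase code, all names hypothetical.
CANDIDATES = ("/.well-known/keybase.txt", "/keybase.txt")  # paths from the CLI output


class LiveProofExists(Exception):
    """Stands in for 'A live proof ... already exists (error #230)'."""


class ProofServer:
    def __init__(self, site):
        self.site = site      # dict path -> file body, a stand-in for the web host
        self.proofs = {}      # (user, domain) -> {"path", "sig", "revoked"}

    def prove(self, user, domain, sig):
        old = self.proofs.get((user, domain))
        # The guard only asks "is a proof registered?", not "does it still verify?"
        if old and not old["revoked"]:
            raise LiveProofExists(domain)
        # Discovery happens once, at proof time; the hit is then pinned.
        for path in CANDIDATES:
            if self.site.get(path) == sig:
                self.proofs[(user, domain)] = {"path": path, "sig": sig, "revoked": False}
                return path
        raise LookupError("signature file not found at either location")

    def recheck(self, user, domain):
        p = self.proofs[(user, domain)]
        # Only the pinned path is fetched; the other candidate is never tried.
        return (not p["revoked"]) and self.site.get(p["path"]) == p["sig"]

    def revoke(self, user, domain):
        self.proofs[(user, domain)]["revoked"] = True


def replay_thread():
    site = {"/keybase.txt": "sig-1"}                  # constructed sample data
    srv = ProofServer(site)
    events = [srv.prove("wbolster", "wouter.bolsterl.ee", "sig-1")]
    site["/.well-known/keybase.txt"] = site.pop("/keybase.txt")   # owner moves the file
    events.append(srv.recheck("wbolster", "wouter.bolsterl.ee"))  # proof now reported broken
    try:
        srv.prove("wbolster", "wouter.bolsterl.ee", "sig-1")
    except LiveProofExists:
        events.append("error #230")
    srv.revoke("wbolster", "wouter.bolsterl.ee")
    site["/.well-known/keybase.txt"] = "sig-2"        # new signature posted
    events.append(srv.prove("wbolster", "wouter.bolsterl.ee", "sig-2"))
    events.append(srv.recheck("wbolster", "wouter.bolsterl.ee"))
    return events
```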