keybase / keybase-issues

A single repo for managing publicly recognized issues with the keybase client, installer, and website.

Possible Typo in keybase.io/docs/server_security/tracking docs #2188

Open rgardner opened 8 years ago

rgardner commented 8 years ago

Step 2: the computer review

In simplest terms, the Keybase client guarantees that "maria" has access to three things: (1) the Keybase account, (2) the twitter account, and (3) the private key referenced back in step 1.

(emphasis mine)

This should be public key, right?

The JSON object in step 1 says the following keybase_username has this public_key, twitter_username, and twitter_proof. I get that "maria" should have the private key corresponding to that public key, but isn't that too strong a statement?

malgorithms commented 8 years ago

Hmm, I think this is correct with a minor clarification...

"maria" has access to the private key that corresponds to the public key in step 1, since only the holder of the private key can generate that signed statement, and only "maria" can post it on Keybase, and only "maria2929" can post it on Twitter. This ties them all together.

Perhaps I should change this:

(3) the private key referenced back in step 1.

to:

(3) the private key that matches the public key referenced back in step 1.

What do you think? I'm a bit worried about the writing getting too dense, so a more concise alternative would be better.

rgardner commented 8 years ago

I prefer your change to the original, but agree with the goal of keeping it concise.

Maybe one of these?

(3) the private key matching the public key referenced back in step 1.

(3) the public/private key pair referenced back in step 1.

What surprised me was that the private key was not explicitly mentioned back in step 1 ("wait, was the private key in the JSON object? That doesn't seem right.") The public key was the thing being referenced in step 1.
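The point settled in this thread, that a reviewer only ever handles the public key yet a valid signature shows access to the matching private key, can be seen in a small model. This is an added example, not code from Keybase or from the commenters, and it does not reproduce Keybase's proof format or signature algorithm: a Lamport one-time signature stands in so the block runs on the Python standard library alone. The function names, the statement layout, and the assumption that the same signed statement is fetched from both accounts are constructed for illustration.

```python
import hashlib, json, secrets

def H(data):
    return hashlib.sha256(data).digest()

def keygen():
    # Lamport one-time key (stand-in scheme): the private key is 256 pairs of
    # random secrets, the public key is the hash of every secret.
    priv = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pub = [(H(a), H(b)) for a, b in priv]
    return priv, pub

def digest_bits(msg):
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def sign(priv, msg):
    # Reveals one secret per digest bit, so it requires the private key.
    return [priv[i][bit] for i, bit in enumerate(digest_bits(msg))]

def verify(pub, msg, sig):
    # Needs only the public key: hash each revealed secret and compare.
    if len(sig) != 256:
        return False
    return all(H(s) == pub[i][bit] for i, (s, bit) in enumerate(zip(sig, digest_bits(msg))))

def fingerprint(pub):
    return H(b"".join(a + b for a, b in pub)).hex()

def make_statement(keybase_username, twitter_username, pub):
    # Field names follow the issue text; the layout itself is constructed.
    claim = {"keybase_username": keybase_username,
             "twitter_username": twitter_username, "public_key": fingerprint(pub)}
    return json.dumps(claim, sort_keys=True).encode()

def review(pub, keybase_post, twitter_post, keybase_account, twitter_account):
    """Each post is (statement_bytes, signature) as fetched from that account."""
    stmt, sig = keybase_post
    claim = json.loads(stmt)
    same_proof = twitter_post == keybase_post
    return {
        "keybase_account": claim["keybase_username"] == keybase_account,
        "twitter_account": same_proof and claim["twitter_username"] == twitter_account,
        "private_key": claim["public_key"] == fingerprint(pub) and verify(pub, stmt, sig),
    }

if __name__ == "__main__":
    priv, pub = keygen()
    stmt = make_statement("maria", "maria2929", pub)
    post = (stmt, sign(priv, stmt))
    print(review(pub, post, post, "maria", "maria2929"))
```

`review` never receives `priv`; the third check passes only because the signature could not have been produced without it.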