Open copumpkin opened 10 years ago
You are of course entirely correct. We have been slammed though and haven't found time to do so yet.
In a nutshell:
keybase-installer
That summary is interesting, but I think that what we really need is a threat model explaining the attacks that keybase does and doesn't protect against. For instance, nothing I've read explains why we need Keybase to run the identity server, or to make accounts.
[This may be off-topic for this issue, but it feels more productive to discuss it here than create a new issue for it. If I'm mistaken, then I'll make a new issue.]
I think it'd be valuable to explain precisely what users are trusting keybase to do and not to do, and what a malicious/compromised keybase could leak.
Things like:
I think being forthcoming about things like that will help gain traction in a security-minded community, and might also help highlight holes that you haven't thought of.