Issues / Criticisms raised by third parties

[exiledsurfer]

When i asked a highly respected colleague if he would like an invite, he sent me this post: http://blog.lrdesign.com/2014/03/thoughts-on-keybase-io/

I think it would be cool if the developers of keybase responded to the issues he raises -- and it might be interesting to integrate his shell scripts. I smell misunderstanding and skepticism in his post, but also some valid issues that i think it would server keybase's developers to answer to :-)

[zQueal]

[...], paranoid, technical people [...]

That's basically all I took away from that article. Simple fact of the matter is, is that no one is forcing anyone to use anything. If you're more paranoid because you're encrypting state secrets with PGP (you're an idiot, but okay) then obviously don't use any form of compromisable web interface or combination for PGP encryption. Keep your private key offline, and preferably off of intermediate infrastructure as well.

The thing we all need to remember is that no matter the encryption algorithm or processes that we use to keep ourselves safe we're always fighting the clock until someone figures out how to circumvent our security measures. That being said, with the times that we live in there are people who are simply paranoid and not technical people that are looking for ways to protect themselves from prying eyes. PGP is a step in the right direction but it's notoriously difficult to use if you're not familiar with the command line. Keybase is a happy medium--it clears up the command line for those who wish to use it, and for those who don't or can't can fall back on the web interface.

So it should be possible to write an all OpenPGP implementation that does everything that Keybase does on the command line ... without the central Keybase service.

Sure, but as an average user who would only using Keybase, or PGP for that matter, to communication between individuals what the hell do I care what keybase is using as long as I think it's secure. I don't care who you are or what you do, you could have invented modern cryptography--but if I like a software and think it's secure I'm going to use it regardless of what your white paper says. Most modern consumers will agree as evidenced by the great number of house fires every year from deep-fried turkeys despite the numerous articles every year airing the dangers of doing such a thing. But hey, not everyone's a genius, and I'm more than sure I fall into that category as well. One thing I really hate about the cryptography community is their ability to completely destroy an idea because of basic security flaws that could easily be patched, especially with early or developing software. Keybase just so happens to be one of those ideas. Is Keybase being implemented perfectly? Probably not. But point out a single software where while in alpha stage it was being implemented perfectly and I'll gladly kiss your butthole.

Obviously I'm not cryptography expert and am only a lonely developer, and I mean no disrespect to your colleague who, I'm sure, is much more versed in the ways of cryptography than I--I just think it's stupid to hold a mirror up to a developing technology that can really do some good by helping to bring modern cryptography to the mainstream and say:

"OH EM GEE! Look at all the terrible things they're doing. Nope, I wouldn't have done it that way, so it's WRONG! What!? Why do it that way! That's just stupid, it's not even common convention!"

[exiledsurfer]

i'm on your side, Zach :-) And i totally agree with your argument, it's the same one i make - i pointed out the article to you so you could make your case there :-) Unfortunately, i know a lot of people in the cryptography space who raise these concerns ... so, don't take my posting this here as a challenge to what keybase is doing, it's only input. Rock on :-)

[malgorithms]

Hi @exiledsurfer - I think if you follow any crypto project designed to make PKI more accessible, you'll find a handful of bile and hatred. Mostly from people who prefer either (a) the status quo, where crypto is extremely unpopular, or (b) even more security, at further cost to convenience, making it even less popular.

Generally @maxtaco and I stay away from these kinds of posts, because I don't think they're very productive. We disagree with them on so many levels, and while they are vocal, they are not representative.

Here's what most crypto fans lament: almost no regular people have public keys, and given a public key, it's almost impossible to verify it's the right one.

I think the people who write articles like the one above are inadvertently pushing towards an elite world where this problem continues, where no one but them has access to privacy and security software. That status quo is fine for them.

In contrast to that article, most of the response we've gotten about Keybase has been extremely positive. Even a large contingent of the lurkers who hang out and flame every crypto project on Hacker News think Keybase is solving a real problem - and these are people we weren't necessarily expecting to get on board.

Still, to address things, here are common complaints, pulled as quotes from that article.

There's a principle in computer security that you don't invent your own crypto. Which is exactly what Keybase is doing.

An identity proof on Keybase is a signed PGP statement posted on Keybase, github, or twitter, using very old, proven crypto, making a statement about a person's identity. Further, that statement (and its revocation) can both be generated in GPG with commands we show people how to write.

In fact, you can sign and post statements on Keybase just using GPG and cURL, and you can download and verify them that way too.

The statements are very simple and require no "invented" crypto.

By contrast, the goal with PGP is that you can extend the human trust of meeting someone face-to-face to communications on line.

I think that's a poor goal. It's not adequate.

I think this is the deep problem with the PGP "web of trust", and it's missing a huge opportunity. I think it's wrong for many reasons. It's wrong (1) in theory, because the people you interact with on a computer are not necessarily the same people you interact with in real life. And it's wrong (2) in practice, because when you need someone's public key, usually it's too late to meet them in person, even if you have met. And it's wrong (3) empirically, because it has failed to reach the masses after decades of availability.

The web of trust doesn't work. If you've used classic key servers or been to a key signing party, and you have yet to slit your wrists, then you have survived a living nightmare few others will ever endure. And for the record, even smart people get confused at key signing parties, making identity reviews a dangerous mess; the web of trust isn't very trustworthy.

Keybase is different from the web of trust, because it is philosophically different. With Keybase a "person" is not their name, but the sum of their known public identities, as long as those identities all agree. This core idea isn't new. People have been talking about something like Keybase for years, but no one has made it happen.

Does this work for people you know? Well, if you know someone in real life, then Keybase still works because you probably already know their online identities - no awkward fingerprint passing required. And if you don't know their online identities, they can either (a) tell them to you, or (b) do the fingerprint thing anyway, bringing it back to ye olde PGP experience.

Does it work for people you know only online? Consider, say, another software author, a famous writer, someone you work with remotely, etc.; these people you know by the sum of their online identities, not by driver's license or back channel communication. So it's actually the ideal solution for them, not some horrible chain of YOU trusting A, A trusting B, and B having met someone with your target's name at a key party, and finally you then deciding (hoping) this is the same person who has these public identities you care about.

And for their Keybase-proven key to be compromised, all their public identities would have to be compromised, publicly, on an ongoing basis. This would be noticeable, both for public figures and people you know personally.

---

Last, I just wanted to point out the person seems to have some personal bones to pick with us:

... simply unqualified to design and run a cryptographic system...

...and I think it's pretty irrelevant that they're coming from OkCupid...

... I imagine two undergrads starting a bank in their dorm room...

This kind of stuff just isn't very surprising.

I'd rather not answer these, but addressing the first: Max has his PhD from MIT (http://pdos.csail.mit.edu/people.html), and he has specifically studied crypto and security since we were undergrads, starting in the 90's, through his PhD work, and still now. He's also in close touch with a lot of people in the field and talks a lot about what we're doing and how we're doing it. I don't know what this author's problem is, but I suspect there's something going on here, since he or she is trying too hard to be colorfully insulting to us.

[exiledsurfer]

hey, @malgorithms, i'm in awe of both of your willingness to put so much effort (and valuable time) into answering to these issues - and both of your responses are satisfactory for me (and for many others). Every niche of the online world (not just crypto) has it's extreme voices, and i try to consider all sides. Again, this post was not a challenge to you both, but an opportunity for you to say what you have said here. I think it's also good that it is part of the public record. Haterz gunna hate, potatoes gonna potate. Tip of the hat, and move forward. I'm trying to use my invitations to bring in valuable people who understand the importance of making gpg more of a daily routine for the normal user, and keybase furthers that goal, imho. Rock on.

[malgorithms]

Haterz gunna hate, potatoes gonna potate

hahaha

[zQueal]

And i totally agree with your argument, it's the same one i make

I got that from your initial post, most of it was just me venting, I suppose. I support strict security protocols but all too often we throw functionality to the wayside in support of empirical security standards--which is totally fine to a point, but down the road you start throwing important things out the window for the sake of "impenetrable" security which breeds a mindset that cryptography is far too advanced for the average layman to even consider using. I don't believe that nor do I support that mindset.

For me, it really boils down to something Benjamin Franklin once said: "Those who sacrifice liberty for security deserve neither." Of course he had something totally different in mind at the time, but I think it applies here, too. People need a usable client and great security. Not amazing security and a shit client.

[malgorithms]

ok, closing this!