zQueal
commented
10 years ago Open ghost opened 10 years ago
zQueal
commented
10 years ago 
malgorithms
commented
10 years ago @jlb1234 - @maxtaco and I talk about this a lot. One thing we can't decide on is whether email really is the solution in this case, or whether there should be something outside of email -- sort of an encrypted messenger protocol baked into keybase. On one hand email is easier. On another, some advantages to a "messenger" could be:
Anyway, still thinking...
ghost
commented
10 years ago What makes email easy is that you only need to handle the sending of the message. It should just be an easy method I sending something. It doesn't even need to give users the ability I set subject and body of the actual email. It would send a basic 'this is an encrypted message sent from keybase' email message and the actual message or file from the sender would be attached. Then the recipient would download it to their computer and open it locally using the keybase cli.
ghost
commented
10 years ago Still thinking about this. Are you suggesting a pseudo email system ('private messaging') actually within the keybase app? Theoretically it would also be possible to let non keybase users send encrypted messages or files through the web interface similar to the ability to encrypt files and messages there now -- it would just then get sent to them automatically.
esbullington
commented
10 years ago If you do go through with an e-mail integration, I think it would be great if I could use Keybase to send an e-mail to someone with no PGP keypair that says "Eric wants to send you an encrypted message, please click [link] to sign up for a PGP keypair with keybase, at no charge" and then send them to an incredibly simple on boarding process to signing up for Keybase and getting their first keypair.
And then e-mail me the public key once they sign up.
Anyway, ideas...
ghost
commented
10 years ago Great idea, Eric. But the problem is that if the recipient's email account is compromised, and a hacker clicks the link to create the Keybase account and PGP keypair, there is no way to know that the recipient was not the one who created the keypair. Theoretically external proofs would resolve this issue but if a person's email account is hacked it's good to presume that their access to other social networks such as twitter are also compromised.
compumike08
commented
7 years ago @malgorithms: I like the idea of an encrypted messaging protocol built into Keybase, however right now I'd be more interested in a built-in/integrated e-mail client if it could be done faster. The added hastle of having to encrypt a message in Keybase and copy and paste it into an e-mail, or having to copy an encrypted email into Keybase to decrypt it, is going to cut down on the number of people who are willing to use Keybase for encrypted messaging (e-mail or otherwise). I've talked to few friends who have tried Keybase after I gave them invitations, and they all said while they played around with Keybase for a few hours after installing it, they hadn't touched it since. They all liked the idea of Keybase, but for most people Keybase just doesn't have enough practical uses that are also user friendly. I realize that Keybase is still in the alpha stage, however I too was surprised when I first tired Keybase only to find that using it to send encrypted e-mails was so difficult, requiring so much copying and pasting. Keybase is so perfectly suited to making PGP encryption for e-mails easily available to the world, I was surprised that Keybase had yet to make more progress towards integrating Keybase with sending/receving encrypted e-mails. I would strongly suggest creating some sort of simple e-mail client application that can send and receive e-mails from a user's e-mail account of choice (e.g. gmail, yahoo mail, etc.).
Basically, I want to be able to quickly find someone in Keybase in some sort of simple GUI application e-mail client running on my local computer, and compose an e-mail to that person which would automatically be encrypted. Also, when using that e-mail client application to view my e-mail Inbox, I want to be able to open up encrypted e-mails and have them automatically decrypted.
Zawinski's Law states that "Every program attempts to expand until it can read mail" - but it may seem to be useful for Keybase to be able to send messages (not necessarily to read them) from the cli client. If you add SMTP settings to Keybase, it would allow you to say for example:
keybase message chris... and then it would bring up an interface where you can easily send an encrypted message to the email address associated with chris' account.
Similarly,
keybase message chris -attach file.jpg... would send a message to chris' email with the file attached.