I agree that the “web-of-trust” alternatives aren’t great. I’m a little worried about this service not being open source though. Otherwise, how can I trust they are doing things correctly?
I know both Max and Chris. They plan to open source absolutely everything they can, including the public data. They won’t release, obviously, password hashes and server side, encrypted private keys (should a user choose to use them).
Hey, Chris here, one of the makers of Keybase (https://keybase.io/chris). The client will be open source. Not only that, but we hope the community makes its own clients, and we’ll try to make that as transparent as possible by publishing all the API calls and require no API key. I should also add: the premise of the Keybase client is that a Keybase server is not trusted - whether it’s ours or someone else’s. Open sourcing server-side software is great but not good enough, as there’s not a guarantee the server is running the software everyone is reviewing.
Let me just say that I hosted a key signing party at the last Hack and Tell in NYC, and it was a lot of work. And, to be honest, I’m not sure it got us much more than what Keybase would except that we, in person, said that this was our key.
[Comment removed by author]
I agree that the “web-of-trust” alternatives aren’t great. I’m a little worried about this service not being open source though. Otherwise, how can I trust they are doing things correctly?
I know both Max and Chris. They plan to open source absolutely everything they can, including the public data. They won’t release, obviously, password hashes and server side, encrypted private keys (should a user choose to use them).
That’s all I need to here. I’d love to help out once the code is ready.
Hey, Chris here, one of the makers of Keybase (https://keybase.io/chris). The client will be open source. Not only that, but we hope the community makes its own clients, and we’ll try to make that as transparent as possible by publishing all the API calls and require no API key. I should also add: the premise of the Keybase client is that a Keybase server is not trusted - whether it’s ours or someone else’s. Open sourcing server-side software is great but not good enough, as there’s not a guarantee the server is running the software everyone is reviewing.
Let me just say that I hosted a key signing party at the last Hack and Tell in NYC, and it was a lot of work. And, to be honest, I’m not sure it got us much more than what Keybase would except that we, in person, said that this was our key.