[messaging] Keybase Proofs

Max Krohn themax at gmail.com
Tue Nov 18 18:01:23 PST 2014


Subject was: WhatsApp & OWS team up

> On Tue, Nov 18, 2014 at 5:11 PM, John-Mark Gurney <jmg at funkthat.com> wrote:
> 
> Can you always delete that proof assertion for related services? and
> is it a fatal error for that proof not to be present?  i.e. prevent
> someone from using a compromised key?
> 

The current command-line client checks proofs when encrypting or verifying signatures.  So if you are concerned your
key has been compromised, you should delete all proofs for the key, and others' CLIs will generate some ugly warnings.

For example, I changed my local DNS resolver to look at 127.0.0.1 for github, twitter, and tbray.org, then did:

$ keybase encrypt -s -m "hello" timbray
info: ...checking identity proofs
✔ public key fingerprint: 5CA3 909D 4B43 FFBE 00AA 74EE 0944 5443 3D71 BBD9
✖ "timbray" on twitter: https://twitter.com/timbray/status/514807580443828224 (failed with code 101: connect ECONNREFUSED)
✖ "timbray" on github: https://gist.github.com/6b99b4679131326b6563 (failed with code 101: connect ECONNREFUSED)
✖ admin of tbray.org via HTTPS: https://tbray.org/.well-known/keybase.txt (failed with code 101: connect ECONNREFUSED)
Some remote proofs failed!
Still verify this user as timbray? [y/N] n
warn: Bailing out; proofs were not accepted
error: operation was canceled


If you deleted the relevant tweets/gists/files, you’d get similar failures.
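
The check described in this message, as an added example that is not part of the original post and is not Keybase's own code: a fail-closed gate for a script that has captured the proof-check output as text. The line shape is inferred only from the transcript above, and the names `parse_proofs` and `decide` are hypothetical.

```python
import re

# Constructed sample: the proof-check lines quoted in the message above.
SAMPLE = """\
info: ...checking identity proofs
✔ public key fingerprint: 5CA3 909D 4B43 FFBE 00AA 74EE 0944 5443 3D71 BBD9
✖ "timbray" on twitter: https://twitter.com/timbray/status/514807580443828224 (failed with code 101: connect ECONNREFUSED)
✖ "timbray" on github: https://gist.github.com/6b99b4679131326b6563 (failed with code 101: connect ECONNREFUSED)
✖ admin of tbray.org via HTTPS: https://tbray.org/.well-known/keybase.txt (failed with code 101: connect ECONNREFUSED)
Some remote proofs failed!
"""

# Assumed line shape, inferred only from the transcript: "<mark> <claim>: <detail>".
LINE = re.compile(r"^(?P<mark>[✔✖]) (?P<claim>.+?): (?P<detail>.+)$")
FAIL = re.compile(r"\(failed with code (?P<code>\d+): (?P<reason>.*)\)$")


def parse_proofs(output):
    """Return one dict per check line: claim, ok flag, failure code and reason."""
    proofs = []
    for line in output.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # info/warn/prompt lines carry no proof result
        fail = FAIL.search(m["detail"])
        proofs.append({
            "claim": m["claim"],
            "ok": m["mark"] == "✔" and fail is None,
            "code": int(fail["code"]) if fail else None,
            "reason": fail["reason"] if fail else None,
        })
    return proofs


def decide(output):
    """Fail closed: accept only if something was checked and nothing failed.

    A refused connection and a deleted tweet/gist/file both land here as a
    failed proof, so both are treated as the owner's revocation signal.
    """
    proofs = parse_proofs(output)
    failed = [p["claim"] for p in proofs if not p["ok"]]
    return (bool(proofs) and not failed), failed


if __name__ == "__main__":
    accepted, failed = decide(SAMPLE)
    print("accepted" if accepted else "refused", failed)
```

Empty output is refused as well, so a run in which no proofs were checked at all never counts as a pass.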