[messaging] Keybase Proofs

Tony Arcieri bascule at gmail.com
Wed Nov 19 10:14:06 PST 2014


On Wed, Nov 19, 2014 at 6:19 AM, Maxwell Krohn <themax at gmail.com> wrote:

> Exactly, we put more checks into our PGP implementation as a result of
> this discussion:
>
> https://github.com/keybase/kbpgp/commit/ef9f264c5d4bd6e908d8da26c84863dffa19a662


Yes, you did what I just said above:

"I am sure you can find one-off mitigations for attacks of this nature as
they arise"

But then the problem is everyone implementing your protocol needs to copy
these mitigations, and ensure they're done correctly, or you'll have
insecure clients (like Tim is worried about).

If you just published key fingerprints with the proofs, none of this would
be a problem.

--
Tony Arcieri