It will be the case very soon that you can push your key to Keybase and prove all your identities, without ever installing the client the OP dislikes. Technically, you can already, we just need to put together very explicit instructions and documentation that's different for each kind of proof. By ugly necessity, what it takes to prove yourself on twitter is different from github is different from DNS, etc. Documenting the API was our priority coming into this week.
Later this week the site will have very specific instructions on how to prove your identities (even the complicated ones) simply from your shell plus GPG.
Then those who care can verify all those proofs with a script, in a language of their choice. No Node or NPM needed for any of it.
There was some discussion below about "trusting" the Keybase server's definition of the public key that comes back. The goal here is to remove that trust. Software of your choice can download a Keybase user's keys, the links to their proofs.
Just a thought: I like how you walk the user through the steps you took to prove that the owner of the private key signed the tweet. I suggest you also provide the appropriate commands to perform the verification ourselves as well. The client does this, but for users operating without it it'll be very useful.
curl https://keybase.io/[them]/key.asc | gpg --import
http://www.onebigfluke.com/2013/06/bootstrapping-webfinger-w...
I've not actually tried it yet, but it looks pretty damn cool.
Your OS's package manager is simply wrapping up whoever else's software in a nice pretty bow and releasing it. The only veracity it has is that the person who put the bow on it signed it. It's highly unlikely they did any kind of "independent auditing" or managing beyond writing some script to build the software.
Or worse: if Debian is an example, they'll say "I don't understand this code, therefore it's not useful", comment it out, and ship horribly broken software to you.
At the end of the day, you have to trust someone. Whether you trust keybase.io or not is entirely up to you - liz setup an incredibly tedious blog post to basically say just this.
If I cared, I could even cross-verify across distributions by comparing their source tarballs.
> Or worse: if Debian is an example, they'll say "I don't understand this code, therefore it's not useful", comment it out, and ship horribly broken software to you.
The other point of view: they fix software so that it is useful, and I can easily have an integrated system. For the one problem you point out, there are hundreds (or probably even thousands) of useful integration patches that distribution users take advantage of every day, without even realizing it (and those suitable for upstream projects generally get pushed that way, too).
If you don't like distributions, then don't use them. And have fun with that.
Anyway, in our case we (1) like the async programming model, and actively use it -- on the server side, our services tend to be modular and actually speak over RPC layers to each other, not just one big ugly web process. Node is great at this.
And (2) in this case, because we wanted to have a lot of shared code among our first implementation of a client, our browser front end, and our server. It worked very well to work on all three with one language. It's worked out.
I personally miss compiling C++. :-)
There's a very good chance we'll end up writing a Go client for Keybase. We might switch the official reference client once the functionality is more locked down.
Lastly: it's really CoffeeScript, not JavaScript. Which is a different can of worms to open on here.
I've used zsh as my interactive shell for years, but I always still write bash scripts instead of zsh scripts. You can count on bash scripts running just about anywhere.
"Why do people choose JavaScript/node.js to write command line apps over traditional languages for that task like python or ruby?"
and was agreeing with the first part of the sentence and then laughed out loud at the end ...
Are we really in a world where ruby is the old school traditionalist way to write unix utilities ?
EDIT: also wanted to add that node exposes your standard POSIX-style interfaces to the OS, so there's really no reason it can't be a general purpose replacement for other languages for writing system tools.
Perl/Python come installed by default in the majority of distros (and Mac OSX)
They're also more mature at this stage
So, yeah, node may one day be as supported as them, but today it is at a disadvantage.
The thing which terrifies me is that the npm keybase app asks for my GPG key directly in the same window, and it's impossible for me to (easily) tell when the password prompt is from my GPG binary (which I pretty much trust) vs. the npm binary.
I'm using keybase now (rdl), mostly because I trust Chris Coyne personally, and because my key is old. I'm creating a new 4096 RSA key soon, and will be a lot more paranoid about protecting it -- it will only ever exist on read/use only smartcards after initial generation on a secure machine. (sadly, openpgp card doesn't support export and replication, so to be durable, I have to generate it externally and load onto a bunch of cards and then delete the external key; I'm not willing to trust my keys to a single smartcard I carry with me.)
Using keybase with gpg agent is maybe a bit safer. I don't really mind being forced to do bad stuff by keybase, due to the risks to them if they're caught, as long as it doesn't expose my keying material. gpg agent plus a hardware smartcard should mostly protect me. The pure-software alternative would be a bunch of text-file messages which I can manually cut and paste and move around between clearly-distinct processes running in separate shells/windows (or machines!).
I've been thinking about something a lot better than openpgp card, though, as a secure end-user key management device, with more than just key protections. Unfortunately that means making custom hardware, and that makes little sense in the volumes PGP achieves; maybe if there are other client-side security credentials like ssh or bitcoin, I'd do it.
Realistically, I'm not going to validate the keybase binary, npm, etc. every time I update the app. (and even if I am, many users won't). And a "user of interest" could be given a "special" binary pretty easily.
Or, if paranoid enough, you can store the key on a stick (like a cryptostick) - in this case, it doesn't matter what you type in since the key never escapes.
Note that this is all while assuming that you do not trust what runs on your computer.
* keybase acted honestly
* nobody compromised keybases software when it was doing the verification
* _after_ it did the verification, nobody managed to get keybase to switch out `liz`s key for some other key that wasn't really liz's (either because keybase was compromised, or keybase was untrustworthy... maybe because the government made them be?)
That last one is the kicker for me. If keybase catches on, surely they are going to get government orders to swap our one key for another key at some point.
The traditional web of trust does not require trusting any of those things, or at least not in those simple forms.
On the other hand, yes, there are reasons traditional PGP hasn't caught on, and usability is a big one. But, still, to compromise security for usability... if you go all the way there, you just wind up where we are now, not secure at all, right?
So, okay, is there value in going some of the way there, and getting some improved security but not as much as you could, for a more usable experience? Maybe. The danger is that people will think they are getting a lot more security than they are getting, and that situation can be worse than no security at all.
One thing Snowden taught us is that if you have to trust a third party to be honest... it's not that the people running keybase aren't honest, it's that the government will _compel_ them to be dishonest if it ever matters to them.
Assuming you actually do this level of verification yourself (rather than allowing keybase to do it for you), the only thing you have to trust is that Keybase/Twitter/Github/Facebook/etc aren't all simultaneously colluding to give you a bad key. That seems to me like a reasonable assumption in pretty much all plausible circumstances.
It might be cool if there were an open source tool (from keybase or not) that would do this check for you. Most people in the target audience aren't going to be able to do it yourself.
That might be something cool for keybase to provide. (Yes, of course you'd still have to trust the open source tool, but that's why it's open source, etc.).
Before sending something particularly sensitive, you could run the tool to check that the public key you have still matches what was posted on their twitter, facebook, etc. (And yes, if someone can hack the old tweet on twitter, then of course, yeah).
To put it shortly: it's not Keybase that verifies that `liz` is a certain Facebook account. `liz` generates cryptographic proofs and publish them on Facebook, you get them and verify them. Keybase.io can't switch anything, unless also `liz`'s FB (and Twitter, and GH...) is compromised and the proofs switched.
This is a common and understandable misconception with Keybase threat-model, they should probably try even harder to put it up front.
What OP says is that she does not trust the way the tool to generate these proofs is distributed.
However, this does not protect against a malicious service provider from modifying the message to replace it with a different user.
Surely not...
On the website, all crypto is performed in JavaScript, in your browser. Some people have strong feelings about this, for good reason."
There will be 2 ways to "prove" yourself as a programmer on Keybase:
1. running `keybase prove github` (or whatever service) which is interactive; the keybase client can generate the nice statement for you and pass it off to GPG for signing. This is already working.
2. running something in your shell which requires nothing but gpg and standard shell commands. The key elements here are that you need to generate a signed statement connecting your two accounts, and you need to post it on github. This is pretty simple and won't require Node at all.
Oh, and 3. using some other software of your choice that implements 2.
The reason #2 isn't documented yet is that it's a bit more complicated in certain cases. Consider what it takes to perform a twitter proof (click the "show the proof")
https://keybase.io/chris/sigs/DZ9rccBD8u-Att6kQzhHHtw-924s7i...
The signed statement itself isn't hosted on twitter (it won't fit) but needs to be boiled down into an agreeable tweet-sized hash. In order to prove twitter manually, you need to generate this statement, boil it down, make the tweet, and push the statement to Keybase.
All this will come, and our goal with Keybase isn't to require Node or npm for anyone.
Liz wants to authenticate. Keybase sends her a challenge, which she encrypts using her private key. Keybase uses her public key to verify that liz owns the private key for her public PGP key. Easy peasy.
I want to know that liz, is the liz that blogs and liz who forks on github, not necessary her facebook/linkedin/real name.
No thanks. Not going to install a slew of node packages all from untrusted sources so that i can "claim" my name in some PGP key DB. Key DB's are not the way to go. Name associations are worse. As someone illustrated by pumping snowden@<somedomain> or glengreenwald@<somedomain> keys into gpg servers. The adverse effect of this names system has a heavier weight than the positive.
If people want to improve usability they first should start with authentication. That is, authenticating keys. Second they should develop systems that permit for predictable imperfections in a manner that the user can understand.
You say that people should start with authentication. That's exactly what keybase is trying to do. Realize that it's a hard problem. How would you implement it?
1. It assumes that Malory didn't copy paste all the content of Alice's bitbucket/alice account into an unclaimed github/alice.
2. It assumes a state actor cannot change the content on github, twitter, etc at the moment Bob attempts to validate the associates with Alice's keybase name.
3. Many Bob's will misplace their trust in the names on Keybase just as they do with GPG WoT (Web-of-Trust) systems because Bob doesn't really check the assumptions, caveats and things he should before trusting the key is Alice's.
This name/key anchoring will work for casual users of PGP who are not worried about malicious users clever enough to copy+paste enough content to attempt a Sybil attack. It works for people that are probably already in communication with each other for some time. But it should not be used for someone needing to retain anonymity, or anyone worried about state adversaries, or anyone worried about an "advanced persistent" adversary, or in the post-snowden world anyone wanting to communicate with a journalist.
It's point #3, how people actually use/abuse WoT's like this, that I feel outweighs the narrow positive scenarios. Keybase might be an improvement on absolutely horrific and broken existing WoT's such as http://pgp.mit.edu (I cannot believe this thing is still non-ssl only) and it explores imperfect security, which I am a big fan of. I just think WoT's in general have some other fundamental problems.
It seems that I can authenticate, get a few people to track me, than revoke my key and upload a new one. I can also, obviously, recover my password via email.
And at the end of the process, people who were "tracking" me will still be tracking me. I am not sure this is supposed to happen.
APT::Default-Release "precise";
deb http://archive.ubuntu.com/ubuntu saucy main restricted universe
deb-src http://archive.ubuntu.com/ubuntu saucy main restricted universe
Next, run these:
sudo apt-get update
sudo apt-get build-dep -t saucy nodejs
sudo apt-get -b source -t saucy nodejs
dpkg -i nodejs_0.10.15~dfsg1-4_amd64.deb
Package: nodejs
Pin: release n=saucy
Pin-Priority: 1000
I think that's a fair stance to take on early-alpha software.
No thanks.
" It doesn't seem particularly safe for me to trust my valuable PGP keys to this system."
I agree
github report: https://github.com/keybase/keybase-issues/issues/397 blog: http://ejj.io/keybase-io-vulnerability/
And of course, I like that it's distributed and not a business. I don't want people to do business on my identity.
Ultimately you're trusting keybase.io not to mess with the verification process, correct?