[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] PGP and Signed Messages,



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512



On 02/19/2016 06:58 AM, Suphanat Chunhapanya wrote:
> Hi,
> 
> Another way is to use Keybase (https://keybase.io). It will bind
> many different social media (twitter, reddit, github) to the key.
> This means that the attacker needs to compromise all of your
> accounts of those media to forge the key.

I'm not a Keybase user (I've been waiting for more than a year and a
half, I believe for an invite from them) but I have a basic question
about it: What is stopping me from creating a fictitious key for you
and then going and registering a Keybase account for that key,
pretending to be you and listing all of your social media accounts as
my own? Is there some sort of verification that happens?



-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJWxgA3AAoJEAKK33RTsEsVgG0P/AviT8Fyp/Ql4uGJ97wrx9zO
Ell1YruoV+wS7WX+pmB1sPazU4c9Yhz7giAJBli8qJ6jWcGFqLF3yy5BU6iBv1oU
VyG2pv8OrQZQA5AoNb1FkCqOggR9Pq6gIgrM4xS+UDql/TdP8dFAda7MpN+gX9m7
3sOKjhIgTTc/9GuY6Xibyzgqx+fH+2h5EcKrs9J+409RLp8dGsBfiHm5jDJpRVuK
b2VVcSmIHlQ5UPHMIzsuM6gj23eBqUjIV5K4eMSEoK3dQAJhD/fSdaCmptcO48Nh
DySenTNfOipL2n9uzLqQ+ASzyDQVKfK5S3NZplCdZRMiNe/8iL+yVfNthMFyPoJE
v9pMm4T2iQgMr+dbXpaPJ4qUsU7ObHqmR4R9jNG3II53xHZceRLRWISm2KSxTCxl
wEsAk6E5Tr5J/9CiTJd4lgE5/WJJ6cS+4whzo5y5xi0p6d39h4glThZ3k0Nuz7h3
1jsxvU8Iq+ae+yDYGNTE1Q4gEYgpaw82dwQKSFmAXbDxeIhx5aZ7NShAUohTQehg
4dKQB6wyOYxdgkEcoooZ5mb+grVHoBVDBJn5/2hoQ0UWKQ4qRRZHmL9xvWEes3mP
px2tmOWSRlMFtb8jmmIlQ1x1T2KAOfeYOm/TRmdTb0xebAnQHm77ax4fj3bjGpb8
a5rmoCw3pLFhVy49t0YO
=WMTx
-----END PGP SIGNATURE-----

-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk