-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
On 02/19/2016 06:58 AM, Suphanat Chunhapanya wrote: > Hi, > > Another way is to use Keybase (https://keybase.io). It will bind > many different social media (twitter, reddit, github) to the key. > This means that the attacker needs to compromise all of your > accounts of those media to forge the key. I'm not a Keybase user (I've been waiting for more than a year and a half, I believe for an invite from them) but I have a basic question about it: What is stopping me from creating a fictitious key for you and then going and registering a Keybase account for that key, pretending to be you and listing all of your social media accounts as my own? Is there some sort of verification that happens? -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJWxgA3AAoJEAKK33RTsEsVgG0P/AviT8Fyp/Ql4uGJ97wrx9zO Ell1YruoV+wS7WX+pmB1sPazU4c9Yhz7giAJBli8qJ6jWcGFqLF3yy5BU6iBv1oU VyG2pv8OrQZQA5AoNb1FkCqOggR9Pq6gIgrM4xS+UDql/TdP8dFAda7MpN+gX9m7 3sOKjhIgTTc/9GuY6Xibyzgqx+fH+2h5EcKrs9J+409RLp8dGsBfiHm5jDJpRVuK b2VVcSmIHlQ5UPHMIzsuM6gj23eBqUjIV5K4eMSEoK3dQAJhD/fSdaCmptcO48Nh DySenTNfOipL2n9uzLqQ+ASzyDQVKfK5S3NZplCdZRMiNe/8iL+yVfNthMFyPoJE v9pMm4T2iQgMr+dbXpaPJ4qUsU7ObHqmR4R9jNG3II53xHZceRLRWISm2KSxTCxl wEsAk6E5Tr5J/9CiTJd4lgE5/WJJ6cS+4whzo5y5xi0p6d39h4glThZ3k0Nuz7h3 1jsxvU8Iq+ae+yDYGNTE1Q4gEYgpaw82dwQKSFmAXbDxeIhx5aZ7NShAUohTQehg 4dKQB6wyOYxdgkEcoooZ5mb+grVHoBVDBJn5/2hoQ0UWKQ4qRRZHmL9xvWEes3mP px2tmOWSRlMFtb8jmmIlQ1x1T2KAOfeYOm/TRmdTb0xebAnQHm77ax4fj3bjGpb8 a5rmoCw3pLFhVy49t0YO =WMTx -----END PGP SIGNATURE----- -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
