It seems that with the rollout of teams, the Keybase guys have fully transitioned to Per-User Keys (PUKs). PGP is still around, but by default you secure all your communications with PUKs. Given how fundamental this new key distribution scheme has become, I'm wondering if anyone has reviewed how secure and reliable the distribution protocol for the per-device private portion of the PUKs is. It is very lightly documented here: https://keybase.io/docs/teams/puk and what sticks out to me is that the Keybase centralized server has now become a SPOF for per-device key distribution (since I can't see how I can put a new PUK onto, let's say, devices that are offline).