I see you guys arguing what is easier, wormhole, syncthing, ssh. I'll argue that Keybase is by far the easiest. Just but the files in /Keybase/private/person0,person2
I love Keybase.. they're doing great things to bind public keys to names at large identity providers (twitter, github, etc). And in many cases, the github username of your intended recipient is the only thing you know about them anyways.
magic-wormhole can help you in the case where you're sitting next to someone at a conference and they don't have a github/twitter account, or if you want don't want to depend on github/twitter/etc access control (e.g. if some bug in github allowed gists to be published under other people's usernames, that aspect of the keybase security story would fail).
It might also appeal to folks who don't care for centralized identity providers. When we worked on Mozilla Persona, we tried to make it possible for individuals to run their own IdPs and "own your own identity". Keybase can sorta do that (by proving ownership of an HTTP or HTTPS URL), but magic-wormhole is "better" in the sense that it doesn't have any concept of identity at all. The file goes-to/comes-from the person who knew the same code, end of story.
I'm interested in some sort of combination: maybe a confirmation step that uses a wormhole code to exchange the expected public keys with a Keybase peer, to make sure they're the same, without needing to type or read the full RSA key. (There's a protocol named SAS, "Short Authenticated Strings", that can be useful in this case).
lotharrr|8 years ago
magic-wormhole can help you in the case where you're sitting next to someone at a conference and they don't have a github/twitter account, or if you want don't want to depend on github/twitter/etc access control (e.g. if some bug in github allowed gists to be published under other people's usernames, that aspect of the keybase security story would fail).
It might also appeal to folks who don't care for centralized identity providers. When we worked on Mozilla Persona, we tried to make it possible for individuals to run their own IdPs and "own your own identity". Keybase can sorta do that (by proving ownership of an HTTP or HTTPS URL), but magic-wormhole is "better" in the sense that it doesn't have any concept of identity at all. The file goes-to/comes-from the person who knew the same code, end of story.
I'm interested in some sort of combination: maybe a confirmation step that uses a wormhole code to exchange the expected public keys with a Keybase peer, to make sure they're the same, without needing to type or read the full RSA key. (There's a protocol named SAS, "Short Authenticated Strings", that can be useful in this case).