The problem is that you don't want something too unchangeable because if the derived key is somehow discovered (or you get your retina scanned when entering a country -- which happens in Australia, the US, Japan and quite a few other places) then you cannot change your keys and you're stuck with useless keys. To resolve this you have to devolves it an elaborate PBKDF using your retina as a salt.
Personally I really dislike the concept of identity-based crypto, mainly because it make anonymity much harder. Keybase is very clever in how they attempt to solve the identity-based problem, but I'm not convinced if it actually makes this any more secure than just using WoT.
And then there's the part where people lose or damage fingers or retinas. Accidents happen. Your crypto may not be the first thing that comes to mind when you suffer injury, but it's a real problem in any population large enough.
Personally I really dislike the concept of identity-based crypto, mainly because it make anonymity much harder. Keybase is very clever in how they attempt to solve the identity-based problem, but I'm not convinced if it actually makes this any more secure than just using WoT.