
Re: [Debconf-discuss] list of valid documents for KSPs



Scripsit Gunnar Wolf <gwolf@gwolf.org>

> There is something, though, that I think would be a worthy addition to
> future KSPs, if we continue to hold them: Many of us have our photo as
> part of our key. Maybe if the printed sheet was not plain-text but
> included those photos that are available, it would be at least a
> slight improvement?

How exactly would that help anything? That is, under which attack
model would it improve the security of the system?

Note that when you stand before a stranger at a KSP, it is _not_ in
doubt that he controls the _key_ that he wants you to sign. (Or
rather: if he does not control it, he would have nothing to gain from
having you sign it). Submitting a (signed) photo in advance would prove
nothing but his control of the key, and that is not an interesting
property.

What _is_ in doubt is that his real-life identity is the same as the
user id that he wants you to sign. And the fact that someone has a
photograph of himself says nothing about what his name is. _Anybody_
can have a photograph of themselves, easily, no matter whether they
are who they claim to be or not.

Thus the relevant attack model is: An attacker creates a key and types
in somebody else's name as an uid. He goes to key-signing parties and
tries to get other participants to sign the connection between his
actual key fingerprint and the false name he has assumed.

How would it help prevent such an attack that the attacker could
supply a photo of his own to the KSP organizers and have all of the
participants check that he looks like he does? On the contrary, it
would inspire confusion because some participants would _think_ that
the fact that the fraudster looks exactly like the photo he himself
supplied could somehow mitigate the mismatch with the photo on the
official ID document he presents.

-- 
Henning Makholm          "Ambiguous cases are defined as those for which the
                       compiler being used finds a legitimate interpretation
                   which is different from that which the user had in mind."


