Re: Please revoke your signatures from Martin Kraff's keys

To: debian-devel@lists.debian.org
Subject: Re: Please revoke your signatures from Martin Kraff's keys
From: Daniel Dickinson <alemc.2@bmts.com>
Date: Mon, 29 May 2006 00:20:06 -0400
Message-id: <[🔎] 20060529002006.79bde3c7@revor.fionavar.dd>
In-reply-to: <[🔎] 87verpbiws.fsf@glaurung.internal.golden-gryphon.com>
References: <[🔎] 87slmyktps.fsf@gismo.pca.it> <[🔎] 87hd3egirh.fsf@glaurung.internal.golden-gryphon.com> <[🔎] 871wuiimii.fsf@glaurung.internal.golden-gryphon.com> <[🔎] 20060525133943.GD13985@khazad-dum.debian.net> <[🔎] 87slmyktps.fsf@gismo.pca.it> <[🔎] 871wuiimii.fsf@glaurung.internal.golden-gryphon.com> <[🔎] 20060525133943.GD13985@khazad-dum.debian.net> <[🔎] 871wuiimii.fsf@glaurung.internal.golden-gryphon.com> <20060525092124.GB17033@timotheus.schuldei.org> <[🔎] 871wuiimii.fsf@glaurung.internal.golden-gryphon.com> <[🔎] 20060527214720.GA5143@lapse.madduck.net> <[🔎] 87verpbiws.fsf@glaurung.internal.golden-gryphon.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Er, is it just me or isn't the point of gnupg that there *are* people
you *can't trust*.  We wouldn't be needing digital signatures if
everybody honoured the 'gentleman's agreement' that we should only
sign as ourselves (or at most as a pseudonym that can't be confused for
a real person) in plaintext email.

If the KSP is so weak that it depends on gentleman's agreements to
work, it's been cracked with unannounced malicious intent already, or
soon will be.

The whole point of the web of trust is that you should only say you
trust people you actually trust.  Personally I think a keysigning where
I only know people by ID, is at best a marginal trust.

GnuPG is about security, and security implies that there is a need to
be secure against someone or something.  In the case of GnuPG it's
people pretending to be something they are not.  If you depend on
'acceptable behaviour' to prevent abuse of this system you've already
lost, because the person is pretending to who they are not with
malicious intent, is not going to honour that understanding.  They also
won't tell you about it.

So, again, what's the point of security if it depends on 'acceptable
behaviour' or 'gentleman's agreements' to succeed?

- -- 
And that's my crabbing done for the day.  Got it out of the way early, 
now I have the rest of the afternoon to sniff fragrant tea-roses or 
strangle cute bunnies or something.   -- Michael Devore

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFEenZ9hvWBpdQuHxwRAqioAJ90MDtm99rqadrB9ix1wt6E/1bWbwCcCeBb
fxIQww9KC+oAVaRrIpo3IO4=
=ySo4
-----END PGP SIGNATURE-----

Reply to:

References:
- Re: [Debconf-discuss] Re: Please revoke your signatures from Martin Kraff's keys
  - From: Luca Capello <luca@pca.it>
- Re: [Debconf-discuss] Re: Please revoke your signatures from Martin Kraff's keys
  - From: Manoj Srivastava <srivasta@debian.org>
- Please revoke your signatures from Martin Kraff's keys
  - From: Manoj Srivastava <srivasta@debian.org>
- Re: Please revoke your signatures from Martin Kraff's keys
  - From: Henrique de Moraes Holschuh <hmh@debian.org>
- Re: Please revoke your signatures from Martin Kraff's keys
  - From: martin f krafft <madduck@debian.org>
- Re: Please revoke your signatures from Martin Kraff's keys
  - From: Manoj Srivastava <srivasta@debian.org>

Prev by Date: Re: [Debconf-discuss] list of valid documents for KSPs
Next by Date: Re: [Debconf-discuss] list of valid documents for KSPs
Previous by thread: Re: [Debconf-discuss] Re: Please revoke your signatures from Martin Kraff's keys
Next by thread: Re: Please revoke your signatures from Martin Kraff's keys
Index(es):
- Date
- Thread