Re: [Debconf-discuss] list of valid documents for KSPs

[Frank Küster <frank@debian.org>]

Manoj Srivastava <srivasta@debian.org> wrote:

>         The person who I thought was Marting has apparently revealed
>  that the identity documents that were preseted to the key signing
>  party participants were ones that did not come out of a trusted
>  process.  Typically, the identity papers are produced by official
>  bodies, like governments, that have international treaties in place
>  to assure a minimal conformance of identity checks.
>
>         Given that, it is entirely reasonable to ask for signatures to
>  be revoked,  since this was not the first time such an "experiment"
>  has apparently been conducted.

I don't think that follows.  It's entirely reasonable that you notify
people of this, and ask them to try to remember, or otherwise verify
whether they have actually seen a government ID or something else - and
in case they are unsure, it makes sense to revoke the key.  But not in
general. 

>> Do you see how rediculous this is?  How irrational you are being?
>
>         I think you are the one being irrational talking about a "web
>  of trust" and blithely signing keys for people who conduct "tests" to
>  see how weak processes of "trust" are.

To me it rather seems people are talking about how untrustworthy a web
of trust must necessarily be, especially if you do not take into account
manually assigned trust values.  And you seem to be the person who
proposes that, when adhering to certain procedures, a web of trust
actually could be strong and very trustworthy.

Regards, Frank
-- 
Frank Küster
Single Molecule Spectroscopy, Protein Folding @ Inst. f. Biochemie, Univ. Zürich
Debian Developer (teTeX)