[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[Debconf-discuss] Re: Please revoke your signatures from Martin Kraff's keys

Manoj Srivastava <srivasta@debian.org> writes:

>         Any act of deception, meant to exploit the weaknesses of the
>  system rather than participating in a key signing in good faith is
>  likely to have had this effect, yes.

That's true.  What about Martin's actions, as they have been reported,
makes you think there was any deception going on?

>  An so called "unofficial" document, purchased from some unknown
>  entity, which has not entered into these international agreements,
>  does not carry the same weight.

Oh, this is certainly true.  But there isn't anything particularly
deceptive about me presenting an ID that is *not* from a government;
it simply shouldn't be accepted by itself as evidence of identity,
that's all.  It's certainly not dishonest.

Now, the first people who signed my Debian key were developers who
knew me personally.  They didn't look at any ID at all.  How's that?!
Seems perfectly reasonable to me.  The purpose of the ID is to satisfy
the signatory about identity; if they are otherwise satisfied, then
that's great.

And, incidentally, the Transnational Republic is not an unknown
entity in the objective sense, though certainly a given signer might
not know it.  Signers should certainly not trust IDs from
organizations they've never heard of.

But that doesn't mean that it's wrong to present an ID from such an
organization.  It might well be that the Transnational Republic's
procedures are sufficiently controlled that their IDs are perfectly
trustable, by those who know of its existence and nature.

(For example, my university ID card should not be adequate ID to
someone who doesn't know of the University of California or its
procedures for checking identity.  But to someone who does, perhaps to
a fellow member of the institution, the ID card might well be a
perfectly satisfactory basis for a signature on a key.)

>         If I were to crack a key signing party, using Bubba's travel
>  documents, I too would swear up and down the street that he indeed
>  correctly and diligently verified all kinds of _other_ government
>  ID's when practising his art.

How is it "cracking" to use Bubba's documents?  People who do not know
and trust Bubba should not accept the ID, period.

>         Any one would have their right to doubt further protestations
>  from a known cheater: how do we know this is not an further elaborate
>  test of the credulity of the community at large?

How does Martin rank as a "known cheater"?  You seem to be *assuming*
that he was dishonest, as part of your proof that what he did was
dishonest.  

This looks for all the world as if *YOU* were taken in, and rather
than wipe the egg off your face and promise to check IDs more
carefully in the future, you're blaming him for your failure to notice
that the Transnational Republic is not a real country.

>         I have not, and never will sign your key, ever again.  I don't
>  trust you to present identity papers that are trustworthy -- unless I
>  can get a law enforcement official I select to test and verify your
>  papers, and possibly not then.

Really?  Why?  What has Martin done to lose your trust?  Please lead
me through it carefully, because it seems like you're skipping a
step.  Start with the evidence you have for your assertions, whatever
they are.

>         Well, yes, since the KSP was indeed subverted, I am not
>  signing any keys from this event. I am considering not signing keys
>  from the Debian community, since it apparently condones Bubba ID
>  papers.

How was the KSP "subverted"?

Who has said that IDs from the Transnational Republic are condoned?

Thomas
Reply to: