[Debconf-discuss] Re: Please revoke your signatures from Martin Kraff's keys

To: Manoj Srivastava <srivasta@debian.org>, debian developers <debian-devel@lists.debian.org>, debconf-discuss@lists.debconf.org
Subject: [Debconf-discuss] Re: Please revoke your signatures from Martin Kraff's keys
From: Wouter Verhelst <wouter@grep.be>
Date: Thu, 1 Jun 2006 10:53:32 +0200
Message-id: <[🔎] 20060601085332.GC15885@country.grep.be>
In-reply-to: <20060531224152.GA16296@javifsp.no-ip.org>
References: <87slmyktps.fsf@gismo.pca.it> <871wuiimii.fsf@glaurung.internal.golden-gryphon.com> <20060525133943.GD13985@khazad-dum.debian.net> <871wuiimii.fsf@glaurung.internal.golden-gryphon.com> <20060525092124.GB17033@timotheus.schuldei.org> <871wuiimii.fsf@glaurung.internal.golden-gryphon.com> <20060527214720.GA5143@lapse.madduck.net> <87verpbiws.fsf@glaurung.internal.golden-gryphon.com> <20060529124833.GG5141@country.grep.be> <20060531224152.GA16296@javifsp.no-ip.org>

On Thu, Jun 01, 2006 at 12:41:52AM +0200, Javier Fernández-Sanguino Peña wrote:
> On Mon, May 29, 2006 at 02:48:33PM +0200, Wouter Verhelst wrote:
> > Then there's the issue of tracing who did an actual upload into the real
> > world. A name on a GPG key is not, by any means, an effective way to do
> > that, since it does not contain enough information to get out the black
> > helicopters. Case in point:
> (...)
> 
> Useless case, you seem to believe that police officers can only trace and
> obtain information from people through Google !

No, I don't. I'm just saying that the name tacked to a GPG key is of far
less useful value than the email address which is tacked to the same.

> I do not know how many cases related to "digital crimes" have you been
> involved with or know of,

Not many, I'll admit.

> so please allow me to enlighten you how it could
> possiby work:
> 
> - somebody named X gets a trojan in the Debian archive through a GPG key
> - SPI (not Debian as it does not have a legal entity in itself) brings the
>   case to a law agency claiming that X has committed a crime
> - the Police traces X to A, B and C (same names != same people)
> - the Police gathers evidence that A and B *might* be in possession of the
>   GPG key and might have done the attack (this includes things like
>   information from ISPs linking a telecommunications contract to a name, data
>   from their communication either publicly available or requested to ISPs or
>   servers)

There, here we are. You've admitted that just the name isn't enough and
that the police needs more, which was my whole point.

If they have a name which might be valid but an email address which is,
I think they have a far better chance at finding the person responsible
than if they have an email address which might be valid but a name which
is.

[...]

-- 
Fun will now commence
  -- Seven Of Nine, "Ashes to Ashes", stardate 53679.4

Reply to:

Prev by Date: [Debconf-discuss] Re: Please revoke your signatures from Martin Kraff's keys
Next by Date: [Debconf-discuss] BOFs as Talks (was: For the next Debconf KSP: run a "pre-KSP" BOF before?)
Previous by thread: [Debconf-discuss] Re: Please revoke your signatures from Martin Kraff's keys
Next by thread: [Debconf-discuss] Re: Please revoke your signatures from Martin Kraff's keys
Index(es):
- Date
- Thread