
Re: [Debconf-discuss] KSP post-mortem: why I won't be able to sign some keys



On 24 May 2006, Jeroen van Wolffelaar stated:

> On Wed, May 24, 2006 at 01:27:35PM -0500, David Moreno Garza wrote:
>> b) If people don't bring the printouts verified at home previously,
>> they couldn't attend the KSP.
>
> You do not need to trust the printouts at all. I got Anibal-printed
> printouts, and that's not a problem, because:
> - I verified with the KSP file whether my own fingerprint was
>   correct, and then visually verified that the md5sum was identical
>   to the one on my printout
> - I verified whether the md5 on the printout was the same as the one
>   read aloud
> - I wrote down the md5sum of the additional list that was read aloud.

> When I'm going to sign keys, I'll not use the printout for anything
> else than to see what names I want to sign keys of. I'm going to
> sign the fingerprints (taken from the file with the md5sum I know)
> that correspond to names that I verified identities of. By doing so,
> I can even automate the process and be done with it within half an
> hour of work, like last year.

        If people actually verified that the file that was
 down-loadable had the same fingerprint as on the pre-printed sheets,
 that's one thing. Assuming they also verified that the file they
 downloaded and verified from had the same md5sum as was read out at
 the ksp.

        However, since no one actually told me this, in detail, I am
 not sure that this process was followed by anyone -- and I have no
 trust path to the people for them to assure me that such a process
 was followed (well, not over email, that is).  On the other hand, I
 did ask everyone whether they had checked their fingerprints and the
 md5sum, and only agreed to sign the keys of people who said they had
 verified both aspects.

        Add to that the relative unfamiliarity with public key
  encryption voiced by some of the participants in the KSP, one begins
  to wonder.  Whether I am going to refrain from signing the keys is
  something I have not yet decided -- I have no basis to trust
  _anyone_ when they said they verified fingerprint/md5sum, apart from
  the fact they said so, and having personally printed the file or
  not has little bearing in the trust equation (some, but not much). 

        manoj
 undecided
-- 
Half the world is composed of people who have something to say and
can't, and the other half who have nothing to say and keep on saying
it.
Manoj Srivastava   <srivasta@acm.org>  <http://www.datasync.com/%7Esrivasta/>
1024D/BF24424C print 4966 F272 D093 B493 410B  924B 21BA DABB BF24 424C
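
The three checks listed in the quoted text above (file checksum against the value read aloud, own fingerprint in the file, sign only in-person verified names), as an added example that is not part of the original message or of any KSP tooling. The list format, names and fingerprints are constructed, and the function names are hypothetical.

```python
import hashlib
import re

# Constructed sample list (assumed format: one "fingerprint | name" line per key).
SAMPLE_LIST = b"""\
AAAA 1111 2222 3333 4444  5555 6666 7777 8888 9999 | Alice Example
BBBB 1111 2222 3333 4444  5555 6666 7777 8888 0000 | Bob Example
CCCC 1111 2222 3333 4444  5555 6666 7777 8888 1111 | Carol Example
"""

def md5_hex(data: bytes) -> str:
    # MD5 is what the thread used; it is not collision resistant, so a
    # list published today would carry a SHA-256 checksum instead.
    return hashlib.md5(data).hexdigest()

def normalize(fpr: str) -> str:
    """Strip spacing and case so printed and file fingerprints compare equal."""
    return re.sub(r"\s+", "", fpr).upper()

def fingerprints_to_sign(list_bytes, md5_read_aloud, own_fpr, own_name, verified_names):
    """Return {name: fingerprint} for verified identities, or raise ValueError."""
    # Check 1: the file in hand must be the file whose checksum was read aloud.
    if md5_hex(list_bytes) != normalize(md5_read_aloud).lower():
        raise ValueError("list checksum differs from the one read aloud")
    entries = {}
    for line in list_bytes.decode("utf-8").splitlines():
        if "|" not in line:
            continue
        fpr, name = line.split("|", 1)
        entries[name.strip()] = normalize(fpr)
    # Check 2: my own entry in that file must carry my real fingerprint.
    if entries.get(own_name) != normalize(own_fpr):
        raise ValueError("own fingerprint missing or wrong in the list")
    # Check 3: take fingerprints only for names whose identity was checked
    # in person, and only from the checksummed file, never from the printout.
    missing = set(verified_names) - set(entries)
    if missing:
        raise ValueError(f"verified names not in list: {sorted(missing)}")
    return {name: entries[name] for name in verified_names}

if __name__ == "__main__":
    own = "AAAA 1111 2222 3333 4444  5555 6666 7777 8888 9999"
    print(fingerprints_to_sign(SAMPLE_LIST, md5_hex(SAMPLE_LIST), own,
                               "Alice Example", ["Bob Example"]))
```

The script only confirms that one participant's copy of the file matches the checksum they heard; it says nothing about whether the other participants ran the same checks, which is the gap the reply above raises.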
