[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [Debconf-discuss] Call for keys for keysigning in Edinburgh during DebConf7

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Manoj Srivastava wrote:

>         Ask someone how the last big keysigning party (debconf6) was
>  subverted. 

It was not subverted IMO.

Madduck played a little game, and some people decided to go with the herd
and accept his ID.  It would have been subverted if the person claiming to
be madduck was in fact Manoj, say.

I didn't sign madduck's key on that occasion, because I've already done so.
 I believe I did sign a new uid on his key, but that was on the strength of
the fact that the person that I know to be madduck told me that he'd added
the uid, and it was on a key that I'd already signed -- the validity of his
ID was irrelevant to that decision.

As a counter example, I remember that at least one person turned up with
inadequate ID to the Helsinki massed-keysigning and were pretty rapidly
ejected from the line.  The reason this didn't happen to madduck is that he
defused what would otherwise have turned into a hail of protest by being
able to produce real ID on demand, and also because he really _is_ madduck.

That being the case, I think you should treat the signatures generated by
massed signings as _more_ valuable than average (for an averagely paranoid
signer), since massed signings give a a herd immunity effect, where the
people that are most paranoid about checking IDs raise the bar so that
people that would otherwise be duped by dodgy ID are protected.

Also, in the massed signings it is very likely that for any presented ID,
there will be someone that is familiar with the format, and so be more
likely to spot forgeries -- I suppose an interloper might try to deal with
that by presenting one of several IDs to people, always choosing one that
they would be unfamiliar with, but that would not get them past the more
paranoid.

Perhaps the only thing that needs to be added to the massed signings is the
idea that people that present inadequate ID need to be loudly denounced and
ejected from the line, so that to survive the procedure one's ID must match
the _most_ exacting standards of those present.  (obviously, we'd need to
be able to deal with trolls who turn up and just reject everything
regardless, but from the way that the ejection worked in Helsinki I'd say
all we need to do is add some encouragement for people to make some noise
about when you reject someone's ID)

Cheers, Phil.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGQYZ2YgOKS92bmRARAoy/AJwPQlj16QQsjUoWEKL/lt8aXTWYfACfZYc6
PAbSEQ4Ug9On7RBT+fOJekY=
=7Riv
-----END PGP SIGNATURE-----
Reply to: