[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Please revoke your signatures from Martin Kraff's keys


        It has come to my attention that Martin Kraff used an
 unofficial, and easily forge-able, identity device at a large key
 signing party recently.  This was apparently to belabour the obvious
 point that large KSP's are events where it is hard to reasonably
 check. in a large international KSP, anything beyond matching
 pictures/names/expiry dates, especially after an hour or so after

        Presenting essentially a fake ID is an act of bad faith that
 leads one to wonder how many of the other key signing parties he has
 attended did he present a false ID?

        I will not be signing his keys, ever, based on this action of
 what I consider to be bad faith.  Based on discussion with other
 people who seem to find this action amusing, but not unacceptable, I
 find that my decision to vaive my personal requirements of two forms
 of ID was probably a mistake, and I am probably not going to be
 signing any of the keys.

        I must confess to being deeply disappointed. A large KSP ,
 especially when conducted standing up, is an exhausting affair under
 the best circumstances, but if people are interested in gaming the
 system and acting in bad faith to show how weak the system is, then I
 think the system is unworkable.

        Based on this, I strongly suggest that mere signatures on a
 new maintainers key from a DD be also  not enough, since people have
 now effectively proven how easily signatures may be obtained at a
 large KSP by just about anyone with money for a easily faked ID.

"The most important thing in a man is not what he knows, but what he
is." Narciso Yepes
Manoj Srivastava   <srivasta@debian.org>  <http://www.debian.org/%7Esrivasta/>
1024D/BF24424C print 4966 F272 D093 B493 410B  924B 21BA DABB BF24 424C

Reply to: