[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Please revoke your signatures from Martin Kraff's keys

On Thu, 25 May 2006, Manoj Srivastava wrote:
>         It has come to my attention that Martin Kraff used an
>  unofficial, and easily forge-able, identity device at a large key

Should you not have *signed* a message of this sort?  I certainly won't do
anything until I know for sure it came from you.  And preferably, we need to
hear Martin's side as well, before doing anything hasty (like either signing
keys, or revoking signatures of keys).

>         Based on this, I strongly suggest that mere signatures on a
>  new maintainers key from a DD be also  not enough, since people have

We need an alternative, then.  Any ideas?

The easy answer are passports, but not everyone has passports with proper
security devices (and I mean this as not everyone lives in a *country* which
issues such passports, so they are effectively impossible to get for these
people).  And we don't teach DDs how to verify those either (which we
should, it is always a good idea to know these things. Any pointers?).

>  now effectively proven how easily signatures may be obtained at a
>  large KSP by just about anyone with money for a easily faked ID.

This has been a question of trusting enough people to not to game the system
since day one, and you know it.  Fortunately, up until now, nobody had tried
to do so... *that we know of*.

  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh

Reply to: