[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [Debconf-discuss] Please revoke your signatures from Martin Kraff's keys

Manoj Srivastava dijo [Thu, May 25, 2006 at 02:36:37AM -0500]:
> Hi,
>         It has come to my attention that Martin Kraff used an
>  unofficial, and easily forge-able, identity device at a large key
>  signing party recently.  This was apparently to belabour the obvious
>  point that large KSP's are events where it is hard to reasonably
>  check. in a large international KSP, anything beyond matching
>  pictures/names/expiry dates, especially after an hour or so after
>  starting.
>         Presenting essentially a fake ID is an act of bad faith that
>  leads one to wonder how many of the other key signing parties he has
>  attended did he present a false ID?
> (...)

The person standing next to me, Rodrigo Gallardo, spotted Martin's
fake ID. I went to him just after the KSP finished, and yes, he waved
me his real country ID papers. 

Anyway, I do think his ID is still more credible than many national
IDs. Some people complained that Graham Wilson had only a Texas driver
license - Well, I showed him _three_ different official IDs - The
elector card (Mexico's main official document), my driver license and
my University worker card. None of them has an expiry date (the
University one has an issue date and is refrended yearly, but does not
formally expire). 

Not only that - I'm not saying I do this on purpose, but just to play
it safe (i.e. not to leave my main ID at a stupid building door), I
carry old versions of two of my ID cards with me. 

I have to add one more thing: His fake ID looked way more serious than
_any_ of the IDs I've ever had. Including my passport (which I didn't
bring to Debconf). So this does not fundamentally show bad will on his
part, but a real weakness in our protocol.

Maybe we should just drop holding KSPs, and fall back to the
traditional method of "Hey, nice dinner we had yesterday. Say, now
that you know me, my family and my history, would you like to sign my
key as well?" - Signing for people you actually know, not just linking
faces to government IDs.

As for Madduck: I hold as a proof of his identity his book, which has
a photo of him, and I have since Debconf6. It's possible, but still
very hard, to go through all the work to write a book and put your
photo in it just to impersonate somebody :)


Gunnar Wolf - gwolf@gwolf.org - (+52-55)5623-0154 / 1451-2244
PGP key 1024D/8BB527AF 2001-10-23
Fingerprint: 0C79 D2D1 2C4E 9CE4 5973  F800 D80E F35A 8BB5 27AF

Attachment: signature.asc
Description: Digital signature

Reply to: