[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [Debconf-discuss] Re: Please revoke your signatures from Martin Kraff's keys

On Thu, May 25, 2006 at 04:08:31PM -0400, Stephen Frost wrote:
> He didn't try to dupe people and this claim is getting rather old.
> Duping people would have actually been putting false information on the
> ID and generating a fake key and trying to get someone to sign off on
> the fake key based on completely false information.  The contents of the
> ID were accurate, as was his key, there was no duping or lying.
> Whineing that he showed a non-government ID at a KSP and saying that's
> "duping" someone is more than a bit of a stretch, after all, I've got
> IDs issued by my company, my university, my state, my federal gov't,
> etc.  Would I be 'duping' people if I showed them my company ID?  What
> about my university ID?  Would it have garnered this reaction?  I doubt
> it.

Indeed, duping people would have been if he had passed himself off as
AJ, and managed to get people to sign a bogus key as belonging to the
DPL.  That would have been a demonstration that would have been really
obnoxious, and would justify your reaction.   

In this particular case, he did not assert incorrect information, but
rather (to use an X.509 analogy) used a Certificate signed by an
untrusted Certification Authority.  The fact that some people were
willing to trust is about as surprising as the fact that many people
click "OK" when they see a certificate signed by CA not in the
browser's trusted list.  But he didn't perpetrate fraud in any way.
So this is not a surprise, and it's not what I would call an
earth-shaking result.  

But nevertheless, Manoj, I think you are over-reacting.  

Chill.  Relax.  Have a alcoholic or non-acoholic beverage of your
choice.  :-)

						- Ted

Reply to: