[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [Debconf-discuss] Re: Please revoke your signatures from Martin Kraff's keys

On Thu, May 25, 2006 at 02:12:25PM -0500, Manoj Srivastava wrote:
> On 25 May 2006, Stephen Frost spake thusly:

> >>> pffft.  This is taking it to an extreme.  He wasn't trying to fake
> >>> who he was, it just wasn't an ID issued by a generally recognized
> >>> government (or perhaps not a government at all, but whatever).

> >> If you think an ID from a place that issue you any ID when you
> >> pay for it is valid, I probably will not trust a key signed by you,
> >> and I would also suggest other people do not.

> > I wasn't making any claim as to the general validity of IDs which
> > are purchased and I'm rather annoyed that you attempted to
> > extrapolate it out to such.  What I said is that he wasn't trying to
> > fake who he was, as the information (according to his blog anyway,
> > which he might be lieing on but I tend to doubt it) on the ID was,
> > in fact, accurate.

>         He has already bragged about how he cracked the KSP by
>  presenting an unofficial ID which he bought -- an action designed to
>  show the weakness of signing parties. So, this was a bad faith act,
>  since the action was not to show an valid, official ID to extend the
>  web of trust, but to see how many people could be duped into signing
>  his key.

>         Given that he is acknowledges trying to dupe people, why do
>  you think he is not lying about the contents of the ID?

He is acknowledging testing people in real-world conditions to determine
whether they have acceptably strict standards for ID checking.

Accusing him of duping people, of being a braggart for publishing the
results of this experiment, and of acting in bad faith discourages people
from testing the quality of conventional keysigning practices in the future.
Shouldn't we as a community *want* to know about problems with the strength
of people's ID checking, *before* someone smuggles a fraudulent identity
into our ranks?

Where is the indignant outrage towards those 9 out of 10 keysigners who
apparently had no objection to signing a key based on a trumped-up ID card
with no legal validity?  If you really care about the strength of our web of
trust, *they* are who should be named and shamed here.

Of *course* this was done under the laxest possible keysigning
circumstances.  Pre-announcing that someone at the keysigning party will be
showing non-government ID is like warning students of locker inspections a
week in advance -- you might get a warm fuzzy that all the school's library
books are turned in, but you're not going to catch any drug dealers that

> > If you're upset about this because you had planned to sign it and
> > now feel 'duped' then I suggest you get past that emotional hurdle
> > and come back to reality.

>         Rubbish. The reality I am concerned about is someone cracking
>  the KSP and duping people into signing his hey when they had  been
>  fooled into thinking they were looking at an unfamiliar official ID.

The whole reason we have an ID check in the first place as part of the
standard keysigning practice is that we do *not* trust people to be who they
say they are:  if I'm doing what I'm supposed to as a key signer, then I'm
not vulnerable to attacks based on trivially-falsified IDs.  If I'm not
doing what I'm supposed to, the only person I have reason to be mad at is
myself.  If I (or anyone else) can't be trusted to directly and personally
verify the ID of the person whose key I'm (they're) signing, then my (their)
keys add no value at all to the web of trust.  It is better to have no
signatures than to have weak signatures pretending to be worth something.

I applaud your personal decision to revoke signatures for this KSP based on
your doubts regarding the efficacy of your own ID checks under these
circumstances, but I don't think it's appropriate for you to accuse Martin
of wrongdoing.

>         Admittedly, in the world of cracking this is the equivalent of
>  running off with the handbag of an old lady on crutches, which is why
>  one speculates about where the next crack is headed for.

Any injury done to the people at the KSP they have done to themselves.  It's
more analagous to standing next to an icy walkway and studying how many of
the old ladies on crutches walk out on their own and break their hips, vs.
how many ask for his assistance across.  You might think it cruel, but I
don't see any justification for calling it malicious.

>       He did dupe people --- into signing based on an unofficial
> document which can be purchased at will.  And it is obvious that
> large KSP's have tired people, doing a repititive task, and have a
> lot of people unfamiliar with key signing. The conclusion was
> foregon -- rartely do people have scientific studies belabouring the
> obvious.

If you consider it a foregone conclusion that people at KSPs, including DDs,
will exercise poor keysigning practices, why attend the KSP?

I attend KSPs because I'm comfortable that *I* am still checking IDs and
fingerprints properly for all keys I sign, in spite of the circumstances.
But if the KSP size and/or protocol is encouraging poor keysigning practices
on the part of others, then I think we should abolish such KSPs from future
Debian events, instead of criticizing people who've shown up their flawed

Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
vorlon@debian.org                                   http://www.debian.org/

Attachment: signature.asc
Description: Digital signature

Reply to: