Re: [Debconf-discuss] Re: Please revoke your signatures from Martin Kraff's keys
On Thu, May 25, 2006 at 02:12:25PM -0500, Manoj Srivastava wrote:
> He has already bragged about how he cracked the KSP by
> presenting an unofficial ID which he bought -- an action designed to
> show the weakness of signing parties. So, this was a bad faith act,
> since the action was not to show an valid, official ID to extend the
> web of trust, but to see how many people could be duped into signing
> his key.
I was not there, so I might miss quite many things, but from readings
seems that he showed his real ID under a presumably faked ID card, and
some people signed his key based on it.
> Given that he is acknowledges trying to dupe people, why do
> you think he is not lying about the contents of the ID?
This is a question for the people that signed his key based on the
apparently evidently faked ID card.
I do not think that was Martin who cracked the KSP, but the people who
signed his key based on extremely doubtful identification. I also
think you are overreacting about Martin, somebody wanting to get a
signed key under a fake identity for bad purposes would not act like
Martin, but in a more subtle (and dangerous) way. The only think I can
complain about Martin is for not putting shame on those that were to
sign his key just before signing, so others learn.
> Rubbish. The reality I am concerned about is someone cracking
> the KSP and duping people into signing his hey when they had been
> fooled into thinking they were looking at an unfamiliar official ID.
If things are this easy we are in a problem, and this is the problem,