Re: [Debconf-discuss] Re: Please revoke your signatures from Martin Kraff's keys

To: debian-devel@lists.debian.org
Subject: Re: [Debconf-discuss] Re: Please revoke your signatures from Martin Kraff's keys
From: Agustin Martin <agmartin@debian.org>
Date: Fri, 26 May 2006 01:45:24 +0200
Message-id: <[🔎] 20060525234524.GA4469@agmartin.aq.upm.es>
Mail-followup-to: debian-devel@lists.debian.org
In-reply-to: <[🔎] 87u07dgbqe.fsf@glaurung.internal.golden-gryphon.com>
References: <[🔎] 871wuiimii.fsf@glaurung.internal.golden-gryphon.com> <[🔎] 20060525133943.GD13985@khazad-dum.debian.net> <[🔎] 87slmyktps.fsf@gismo.pca.it> <[🔎] 87hd3egirh.fsf@glaurung.internal.golden-gryphon.com> <[🔎] 20060525172523.GM8588@kenobi.snowman.net> <[🔎] 8764jugfut.fsf@glaurung.internal.golden-gryphon.com> <[🔎] 20060525181607.GN8588@kenobi.snowman.net> <[🔎] 87u07dgbqe.fsf@glaurung.internal.golden-gryphon.com>

On Thu, May 25, 2006 at 02:12:25PM -0500, Manoj Srivastava wrote:

>         He has already bragged about how he cracked the KSP by
>  presenting an unofficial ID which he bought -- an action designed to
>  show the weakness of signing parties. So, this was a bad faith act,
>  since the action was not to show an valid, official ID to extend the
>  web of trust, but to see how many people could be duped into signing
>  his key.

I was not there, so I might miss quite many things, but from readings
seems that he showed his real ID under a presumably faked ID card, and
some people signed his key based on it.

>         Given that he is acknowledges trying to dupe people, why do
>  you think he is not lying about the contents of the ID?

This is a question for the people that signed his key based on the
apparently evidently faked ID card.

I do not think that was Martin who cracked the KSP, but the people who
signed his key based on extremely doubtful identification. I also
think you are overreacting about Martin, somebody wanting to get a
signed key under a fake identity for bad purposes would not act like
Martin, but in a more subtle (and dangerous) way. The only think I can
complain about Martin is for not putting shame on those that were to
sign his key just before signing, so others learn.

>         Rubbish. The reality I am concerned about is someone cracking
>  the KSP and duping people into signing his hey when they had  been
>  fooled into thinking they were looking at an unfamiliar official ID.

If things are this easy we are in a problem, and this is the problem,
not Martin.

-- 
Agustin

Reply to:

References:
- Please revoke your signatures from Martin Kraff's keys
  - From: Manoj Srivastava <srivasta@debian.org>
- Re: Please revoke your signatures from Martin Kraff's keys
  - From: Henrique de Moraes Holschuh <hmh@debian.org>
- Re: [Debconf-discuss] Re: Please revoke your signatures from Martin Kraff's keys
  - From: Luca Capello <luca@pca.it>
- Re: [Debconf-discuss] Re: Please revoke your signatures from Martin Kraff's keys
  - From: Manoj Srivastava <srivasta@debian.org>
- Re: [Debconf-discuss] Re: Please revoke your signatures from Martin Kraff's keys
  - From: Stephen Frost <sfrost@snowman.net>
- Re: [Debconf-discuss] Re: Please revoke your signatures from Martin Kraff's keys
  - From: Manoj Srivastava <srivasta@acm.org>
- Re: [Debconf-discuss] Re: Please revoke your signatures from Martin Kraff's keys
  - From: Stephen Frost <sfrost@snowman.net>
- Re: [Debconf-discuss] Re: Please revoke your signatures from Martin Kraff's keys
  - From: Manoj Srivastava <srivasta@acm.org>

Prev by Date: Re: [Debconf-discuss] Re: Please revoke your signatures from Martin Kraff's keys
Next by Date: Re: not running depmod at boot time
Previous by thread: Re: [Debconf-discuss] Re: Please revoke your signatures from Martin Kraff's keys
Next by thread: Re: [Debconf-discuss] Re: Please revoke your signatures from Martin Kraff's keys
Index(es):
- Date
- Thread