[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [Debconf-discuss] Re: Please revoke your signatures from Martin Kraff's keys

On Thu, May 25, 2006 at 02:12:25PM -0500, Manoj Srivastava wrote:

>         He has already bragged about how he cracked the KSP by
>  presenting an unofficial ID which he bought -- an action designed to
>  show the weakness of signing parties. So, this was a bad faith act,
>  since the action was not to show an valid, official ID to extend the
>  web of trust, but to see how many people could be duped into signing
>  his key.

I was not there, so I might miss quite many things, but from readings
seems that he showed his real ID under a presumably faked ID card, and
some people signed his key based on it.

>         Given that he is acknowledges trying to dupe people, why do
>  you think he is not lying about the contents of the ID?

This is a question for the people that signed his key based on the
apparently evidently faked ID card.

I do not think that was Martin who cracked the KSP, but the people who
signed his key based on extremely doubtful identification. I also
think you are overreacting about Martin, somebody wanting to get a
signed key under a fake identity for bad purposes would not act like
Martin, but in a more subtle (and dangerous) way. The only think I can
complain about Martin is for not putting shame on those that were to
sign his key just before signing, so others learn.

>         Rubbish. The reality I am concerned about is someone cracking
>  the KSP and duping people into signing his hey when they had  been
>  fooled into thinking they were looking at an unfamiliar official ID.

If things are this easy we are in a problem, and this is the problem,
not Martin.


Reply to: