[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [Debconf-discuss] list of valid documents for KSPs

Scripsit Manoj Srivastava <srivasta@debian.org>

>         I see you have never been in a large key signing party.  There
>  is a certain expectation of trust, since no one can actrually detect
>  delibrate forgeries.

If a key-signing method needs any particularly trustworthy behavior
from the people asking to have keys signed, it is broken, plan and
simple. It was broken from day one, and it becomes neither more nor
less broken because anybody in particular does not behave according to
the rule.

The entire _point_ of the web-of-trust is to not take people's claim
about their identity at face value. It is a process rooted in
_distrust_ and if the mechanisms end up with certified trust where
none is warranted, the mechanisms are at fault.

You seem to think that key-signing parties only work if all
participants are honest. That may be so, but if all participants ARE
honest, key-signing in general would be pointless. If the parties do
not work in the presense of dishonest participants they are completely
broken, serve no useless purpose, and might as well be abandoned.

This is true whether or not any precense of dishonest participants
have been speculated or confirmed, and if it is true after Martins
experiment, it was equally true before it.

>  There items I used to check on were the photograph, seplling of the
>  name, expiration date for the document, and, optionally, age.

If you do your checks on a way that assume honesty on the signee's
part, then your checks are broken. When you sign keys you should
_assume_ that the unknown person who wants you to sign a key is
dishonest about who he claims to be, and only sign if you see
something that positively convince you otherwise.

>  -- since good faith expectations were that people were not
>  trying to game the system.

Good faith expectations have absolutely no place in a system that is
based on distrusting people and demanding proof of their claims.

>         If people start bringing in forged documents,  no amount of
>  caution on part of laypeople like most software developers is proof
>  against such deception.

Correct. If you think the system depends on people being honest in the
first place, the system has no conceivable useful purpose.

Henning Makholm         "Nemo enim fere saltat sobrius, nisi forte insanit."

Reply to: