Re: [Debconf-discuss] list of valid documents for KSPs
On 28 May 2006, Thomas Bushnell stated:
> Perhaps my just-posted message has too many words to see my point.
> In the paragraph above, marked >>>, which was written by you, you
> speak of deception and forgery. Nothing in the reports of the
> recent incident involving Martin suggests any deception and forgery.
> What about this incident makes you think that any kind of deception
> or forgery was going on?
I really think either you are deliberately being obtuse, or
nothing I can say will get this through to you. I fail to see how
one can assert that there was no forgery going on -- do you
automatically assume that if a shiney laminated document with some
random issueing authority listed on it is not forged? With a issuing
authority which has entered into international agreements with other
governments, there is some assurance that a minimum threshold of
checks are built into the process of issueing travel documents.
Why do you think Bubba does the same thing?
On 29 May 2006, Henning Makholm verbalised:
> If a key-signing method needs any particularly trustworthy behavior
> from the people asking to have keys signed, it is broken, plan and
> simple. It was broken from day one, and it becomes neither more nor
> less broken because anybody in particular does not behave according
> to the rule.
> The entire _point_ of the web-of-trust is to not take people's claim
> about their identity at face value. It is a process rooted in
> _distrust_ and if the mechanisms end up with certified trust where
> none is warranted, the mechanisms are at fault.
> If you do your checks on a way that assume honesty on the signee's
> part, then your checks are broken. When you sign keys you should
> _assume_ that the unknown person who wants you to sign a key is
> dishonest about who he claims to be, and only sign if you see
> something that positively convince you otherwise.
On 28 May 2006, Daniel Dickinson verbalised:
> Er, is it just me or isn't the point of gnupg that there *are*
> people you *can't trust*. We wouldn't be needing digital signatures
> if everybody honoured the 'gentleman's agreement' that we should
> only sign as ourselves (or at most as a pseudonym that can't be
> confused for a real person) in plaintext email.
On 28 May 2006, Thomas Bushnell told this:
> How is it "cracking" to use Bubba's documents?
There is a certain sweet naivete in the above messages which
is rather touching. It is also, of course, devoid of any touch with
reality: all I can say, gentelmen, is that you have lead sheltered
lives. There is no key signing protocol that is immune to an attack
by an unscrupulous enough person: if I had the inclination, and a
few thousands of dollars to burn, I could show up at a KSP with
passports from half a dozen different countries, some of which would
have been created with legitimate blanks from the country in
Nothing that a general software developer can do to check an
ID is proof against a determined individual, we all assume that there
is a gentleman's agreement in place that such an attack is not
Yes, there is a difference in degree in ID checks; and I still
hold that presenting an ID for the purpose of testing the strengrh of
the ID checks of the individual ratrher than to just legitimately get
a signature on ones key is an act of bad faith: good faith would have
been to present the official ID and extend the web of trust.
>So, if the ID says on it, "Bubba's Fake ID Shop", I'm not sure I see
> the problem.
Dear boy, Bubba's ID's are likely to say Transnational
Republic. Or, if Bubba has been allowed to personally examine more
Bewnjamins, it could have read the federal republic of Germany. Or
the united staateds. Or cameroon.
> In other words, Bubba sells forgeries, but the Transnational
> Republic does not.
Riiight. And I know that how?
Suaviter in modo, fortiter in re. Se non e vero, e ben trovato.
Manoj Srivastava <firstname.lastname@example.org> <http://www.debian.org/%7Esrivasta/>
1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C