Re: [Debconf-discuss] list of valid documents for KSPs
On 30 May 2006, Wouter Verhelst stated:
> On Tue, May 30, 2006 at 07:49:34AM -0500, Manoj Srivastava wrote:
>> On 30 May 2006, Wouter Verhelst spake thusly:
>>> On Tue, May 30, 2006 at 06:28:32AM -0500, Manoj Srivastava wrote:
>>>> On 28 May 2006, Thomas Bushnell stated:
>>>>> Perhaps my just-posted message has too many words to see my
>>>>> In the paragraph above, marked >>>, which was written by you,
>>>>> you speak of deception and forgery. Nothing in the reports of
>>>>> the recent incident involving Martin suggests any deception and
>>>>> forgery. What about this incident makes you think that any kind
>>>>> of deception or forgery was going on?
>>>> I really think either you are deliberately being obtuse, or
>>>> nothing I can say will get this through to you. I fail to see
>>>> how one can assert that there was no forgery going on -- do you
>>>> automatically assume that if a shiny laminated document with
>>>> some random issuing authority listed on it is not forged?
>>> What Martin Krafft showed you was,
>> How do I know that person actually was Martin Krafft?
> You already know that, though you can't be sure. Just as you can't
> be sure that he was a forger, either.
I don't already know that. How could I?
>>> according to what he claimed,
>> If I claim to be president George Clooney, and show you a document
>> that proves I am such, and I earnestly claim it was not forged, but
>> Bubba looked at all kinds of documentation that says I am such a
>> person, you would proclaim from the roof tops that no forgery
> No, I wouldn't do that. However, I wouldn't start proclaiming the
> opposite from the roof tops, either, like you seem to do.
I guess you can't read. I have never stated that I know it is
a forgery: I can't since I do not have that data. I have stated I
have absolutely no trust path to the identity proclaimed, so I am
going to treat it as though it were; since there is, in my opinion,
already an act of bad faith in play since someone is trying to trick
people into signing keys based on an identification paper from less
than trusted sources.
>>> a document that was made by the Transnational Republic. If he had
>>> changed some things on that document, then it would have been a
>>> forgery; however, he claims he has not, which would imply that it
>>> is not, in fact, a forgery.
>> Riiight. And I am Angelina Jolie.
> Oh, get real.
> Why do you keep claiming that he did deliberately change things on
> this Transnational Republic ID card?
Where did I make this claim? I know English is not your first
language, but you know, these idiotic accusations are getting rather
I merely claim that I have no better proof that the person who
claims to be Martin is Martin, than you have that I am Ms. Jolie in
> It is your duty on a key signing party to prove your own identity to
> other people, and to make sure that the proofs of identity other
> people give you are sufficiently convincing to you.
> Martin did that; he showed you a card which stated that he is Martin
> Krafft. Of course that doesn't mean he actually _is_ Martin Krafft;
> you have to check that card to make sure you have reason to believe
> the card is telling the truth.
No, giving me Bubba's ID cards and putting the burden of proof
on me does not absolve the evil doer from the fact that an attempt to
trick people was in play.
Yes, people are responsible for their action. This applies
equally to the person trying to trick the people.
You seem to be unable to see the distinction between the fact
that people should be on guard against evil doers. Let me see if I can
dumb down an example.
See, if you go to a big city like New York, London, or Bombay,
there are grifters, con-men, and pick pockets. You are expected,
as seasoned travellers, to be careful of how you carry your
valuables, to make it harder for pick pockets to make off with
them. If you fail, are you solely responsible?
Is the pick pocket blameless, since you obviously failed to
guard against the pick pocket?
>> You know, I give up. Apparently there is no way I can convey
>> the concept of trusted paths and trusted processes
> Sure there is. I couldn't agree with you more than that an ID card
> given out by a body of people whom I'd never heard of before this
> discussion, and that is _not_ a government, is not at all sufficient
> proof of ID for me to sign their key. On the point of trusted paths,
> we agree.
So far, so good.
> However, "trusted processes" do not lie with people who are trying
> to convince you of their identity. If you trust anyone to tell the
> truth about their identity, which is what your argument implies,
> then you have processes that are anything but trusted. It is you who
> would seem to have to be educated about what "trusted processes"
> actually means, not me.
Fine. I'll see if I can procure a sample identity card from my
friends at work and see if you can spot the difference. I am
willing to bet about a thousand euros that you would not be able to
spot the fake. The only thing keeping you on your high horse about
people in the community being trustable is that you apparently have
never seen how good fake documents can be.
When you go out to buy, don't show your silver.
Manoj Srivastava <firstname.lastname@example.org> <http://www.debian.org/%7Esrivasta/>
1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C