
Re: [Debconf-discuss] list of valid documents for KSPs



Manoj Srivastava <srivasta@debian.org> writes:

>         If I claim to be president George Clooney, and show you a
>  document that proves I am such, and I earnestly claim it was not
>  forged, but Bubba looked at all kinds of documentation that says I am
>  such a person, you would proclaim from the roof tops that no forgery
>  occurred? 

No, that would be a forgery.

Do you have any reason to suspect that this is what happened?

>         You know, I give up.  Apparently there is no way I can convey
>  the concept of trusted paths and trusted processes to the people so
>  passionately arguing with me, and this is getting tedious.

We understand it just fine.  Nobody in their right mind should accept
the Transnational Republic ID without knowing a lot more about the
organization than I do.  Anyone who signed the key on that basis
should have egg on their face, and should seriously consider revoking
the signature.

But that *doesn't* make Martin a forger.

>         As a final note: Look for motivation. Presenting documents
>  from an untrusted source to trick the unwary into signing to show how
>  weak the ID checks are is still a trick.

Once more, Manoj, did you buy the ID?  It's time for you to spell it
out.  Did you look at the Transnational Republic card, say "yep,
that's the right picture", and then go ahead and sign the key?  

And, for all we know, the Transnational Republic is a good source.  We
just don't know.  Only the people who know more about the organization
than you or I do can judge.  If I present my University of California
ID, that's a very good ID, but most people wouldn't know that, and
it's not unfair trickery of me to present it.

Thomas


