Re: Red team attacks vs. cracking

To: Henning Makholm <henning@makholm.net>
Cc: debian-devel@lists.debian.org
Subject: Re: Red team attacks vs. cracking
From: Gunnar Wolf <gwolf@gwolf.org>
Date: Wed, 31 May 2006 10:22:40 -0500
Message-id: <[🔎] 20060531152240.GB2624@gwolf.org>
In-reply-to: <[🔎] 871wuboses.fsf@kreon.lan.henning.makholm.net>
References: <[🔎] 877j43k1k4.fsf@glaurung.internal.golden-gryphon.com> <[🔎] u1hejyb4gv0.fsf@kempis.becket.net> <[🔎] 20060530172008.GA8099@javifsp.no-ip.org> <[🔎] 871wuboses.fsf@kreon.lan.henning.makholm.net>

Henning Makholm dijo [Wed, May 31, 2006 at 04:10:51AM +0200]:
> Scripsit Javier Fernández-Sanguino Peña <jfs@computer.org>
> 
> > I do agree with Manoj that this was *not* a legitimate experiment (i.e.
> > not a "red team" test) and that Martin *did* abuse our [0] trust [1]
> 
> A KSP that depends on there being any pre-existing trust to abuse is
> *completely worthless* as a KSP whether or not that trust is abused
> or not.

Ummm... There is a certain metric of pre-existing trust that _does_
exist here. Lets go back to Martin's specific case, to exemplify.

Many people have known Martin in person for several years. The people
that do know him already will be very surprised and react right away
if he wants to impersonate someone else (as an example, Alexander
Schmehl, who was at Debconf and was part of the prepared sheets, but
didn't take part in the end at the KSP). 

Of course, Martin could keep track of who knows him personally, and
maybe even extrapolate on who is right away familiar with Alexander,
and cleverly switch the fake and real IDs, not to raise
suspiciousness. 

If he is standing in spot 104 (which in our list means "between Jeroen
and Adeodato - who didn't participate, so Nicolas stands next to
him"), however, he won't be allowed to present an ID with Alexander's
name, as Alexander should have been standing in spot 38 (between me
and Rodrigo Gallardo).

Ok, so Martin, who is a bad person and a very good and clever actor,
will play as he were taking part in the KSP, standing between Rodrigo
and me. If somebody comes that probably knows Alexander or him
personally, he will pretend he is just hanging around, chatting with
people, and not signing keys.

But here comes the bit of pre-existing trust we _do_ have: I know
personally Alexander, have worked with him and can recognize him
easily. And although I haven't talked as much with Martin, I can also
easily recognize his face. If he is standing next to me the whole
time, even if he is a great actor and doesn't allow me to doubt he is
presenting a fake ID, it will be obvious for me he is impersonating
somebody else. So, I denounce he is a fake, and nobody signs the fake
Alexander's key.

Yes, I'm picking the names of two well-known people in the project. It
could be easier to impersonate, say, Raúl Odria or Mario Oyorzabal
(both of which didn't attend), so this pre-existing trust is
limited. But it clearly exists and counts for something, specially in
well-connected groups such as ours. And this is an important factor to
request people who are well known in the project not to skip the KSP
if it happens as it happened this time (and as in the other proposals
I've seen).

Greetings,

-- 
Gunnar Wolf - gwolf@gwolf.org - (+52-55)5623-0154 / 1451-2244
PGP key 1024D/8BB527AF 2001-10-23
Fingerprint: 0C79 D2D1 2C4E 9CE4 5973  F800 D80E F35A 8BB5 27AF

Reply to:

References:
- Red team attacks vs. cracking
  - From: Manoj Srivastava <srivasta@debian.org>
- Re: Red team attacks vs. cracking
  - From: Thomas Bushnell BSG <tb@becket.net>
- Re: Red team attacks vs. cracking
  - From: Javier Fernández-Sanguino Peña <jfs@computer.org>
- Re: Red team attacks vs. cracking
  - From: Henning Makholm <henning@makholm.net>

Prev by Date: Re: Request for key signing in Shanghai
Next by Date: Re: debdelta
Previous by thread: Re: Red team attacks vs. cracking
Next by thread: Bug#369543: ITP: libdata-dump-perl -- Pretty printing of data structures
Index(es):
- Date
- Thread