[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Please revoke your signatures from Martin Kraff's keys

On Thu, Jun 01, 2006 at 12:41:52AM +0200, Javier Fernández-Sanguino Peña <jfs@debian.org> wrote:
> On Mon, May 29, 2006 at 02:48:33PM +0200, Wouter Verhelst wrote:
> > Then there's the issue of tracing who did an actual upload into the real
> > world. A name on a GPG key is not, by any means, an effective way to do
> > that, since it does not contain enough information to get out the black
> > helicopters. Case in point:
> (...)
> Useless case, you seem to believe that police officers can only trace and
> obtain information from people through Google !
> I do not know how many cases related to "digital crimes" have you been
> involved with or know of, so please allow me to enlighten you how it could
> possiby work:
> - somebody named X gets a trojan in the Debian archive through a GPG key
> - SPI (not Debian as it does not have a legal entity in itself) brings the
>   case to a law agency claiming that X has committed a crime
> - the Police traces X to A, B and C (same names != same people)

You'd have to skip this point if name(X) != name(A).

> - the Police gathers evidence that A and B *might* be in possession of the
>   GPG key and might have done the attack (this includes things like
>   information from ISPs linking a telecommunications contract to a name, data
>   from their communication either publicly available or requested to ISPs or
>   servers)

They'll have some trouble getting information from ISPs hosting a proxy
of whatever outside the US.


Reply to: