[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [Debconf-discuss] list of valid documents for KSPs

On Wed, May 31, 2006 at 02:48:13PM -0500, Manoj Srivastava wrote:
>         The person who I thought was Marting has apparently revealed
>  that the identity documents that were preseted to the key signing
>  party participants were ones that did not come out of a trusted
>  process.  Typically, the identity papers are produced by official
>  bodies, like governments, that have international treaties in place
>  to assure a minimal conformance of identity checks.

Wrong again.  There are no international treaties, at least not
general ones, that guarantee identity checks.  (There may be
specialized ones such as those that bind countries within the European
Union, but not in general.)

> > Does that mean that if someone shows up at an future keysigning
> > party at OLS, for example, with an Transational Republic ID which
> > has the name "Manoj Srivastava", that everyone would be therefore be
> > entitled to demand on debian-devel that all signatures for "Manoj
> > Srivastava" should now be revoked?
>         I would think that if an imposter was running around, and if
>  people were no longer sure that such an imposter twas the one whose
>  ID they had based their signatures on, HELL YES!!!

So if someone purchases a fake ID for oh, $20 that appears to be a
government issue ID, and successfully shows that at least one
signature was signed using said fake, apparently government issued ID,
you'd acquience to someone asserting that everyone should revoke their
signatures on your key?

I didn't say this; I think you were careless editing attributes in
your note which replied to multiple e-mails....

> > Had Martin never mentioned this, it would have been a non-issue.
> > There is no real damage. While signatures may have been based on a
> > non-offical ID, Martin did indeed own the key in question, so the
> > end harm is zero. But Martin decided to publish this experiment

> > A security mechanism that only works in the non-presense of
> > fraudsters is no security mechanism at all.
> > A KSP that depends on there being any pre-existing trust to abuse is
> > *completely worthless* as a KSP whether or not that trust is abused
> > or not.
> >
>         You just dismissed signing PKA keys by individuals.  There is
>  no way that an individual with access to official records can
>  determine if a particular passport is a "test" passport or not.

And now you are sinking deeper and deeper into paranoia.  Of course
there is no way to tell whether or not a particular passport is real.
Heck, do you know how easy it is forge even official government
records?  In most US states, it's trivial if you know what you are
doing to get an official driver's license issued with a false
identity.  And it's only a little bit more work to get a passport with
a false identity, if you are willing to be a bit dishonest about

If absolute trust is the only thing you will accept, then you might as
well withdraw from Debian project, and go hide in a hole with some
paranoiod survivalists in Montana.  We can't have absolute trust; it
is impossible.  And you seem to be the one demanding it, and if you
can't have it, it's "off with their signatures", or "off with their
key on the keyring"!

						- Ted

Reply to: