
Re: PGP and verifying ids / emails




Scenery is here, wish you were beautiful.

On Fri, 30 Jul 1999, Joseph Carter wrote:

> On Fri, Jul 30, 1999 at 01:29:35AM -0500, Manoj Srivastava wrote:
> >  Brian> You need to be sure that you are signing the *correct* public
> >  Brian> key, and not just any public key that happened to be created
> >  Brian> with "John Smith"'s id (which is publicly known).
> > 
> >         When I sign a key, I am standing in front of John Smith,
> >  who has convinced me it is indeed John Smith (using 2 picture
> >  ID's). He then asks me to sign a key -- I assume he is giving me a
> >  public key whose private key he has (what is the point otherwise?). 
> > 
> >         I do verify that the ID on the key matches the ID that was
> >  shown to me. 
> 
> Might I ask how most people are supposed to get two picture IDs?  Most IDs
> do not have pictures.  The only ones I've seen that do are those issued by
> the DMV, school IDs, keycards for buildings with high security, and ID
> issued to LEO's.  Since it has been years since I had one of those, I'm
> likely to only meet your criteria if I happened to remember to bring my
> old (now invalid) Oregon ID with me, provided I don't cut it up and doss
> it like I probably would if I'd ever bother to think about it first.
> 
> This means that about 80% of the populace will NEVER get a signature from
> you.  Still, if that's what you feel you need, that's what you should ask
> for.
> 
> 
> >  Brian> ie it is not much point a public key for "John Smith" if "John
> >  Brian> Smith" doesn't have the private key.
> > 
> >         Why is he asking me to sign it then?
> 
> That's what I can't figure out...  =>
>

	Actually, there could be a possible reason for this if the
rejection criteria applied by the new-maintainers group is applied at the
key-signing level. Suppose there is a person whose qualities make him /
her unacceptable to Debian so that the new-maintainers group would reject
this person's membership. In which case, this person gets a proxy to get
a key signed (you would be verifying the proxy's ID and the proxy has no
intention of using the key you sign). After the PGP key is in a trusted
position, the person using the PGP key can cause all the damage that he /
she wants to do.

	If you think that the proxy wouldn't do this because of possible
repercussions to the proxy, let me point out that IDs of the level to
fool non-law-enforcement people are not that hard to make. If you are
looking at a US driver's license, do you automatically check for the
holographic image to see if it is valid? Do you know the difference
between a fake foreign passport and a valid one?

	I think Debian is taking too much on trust. But then, I don't see a
way to resolve this either. Given the fact that there are so few of us (in
relation to the rest of the world), tightening up security could choke the
new membership pipeline to the extent that Debian could decay in four or
five years.

> 
> >  Brian> Somebody may have replaced a copy of the correct key with a
> >  Brian> "forged" key along the way.
> > 

Jor-el

