Re: Trouble becoming a member

To: Bas Zoetekouw <bas@debian.org>
Cc: debian-newmaint@lists.debian.org
Subject: Re: Trouble becoming a member
From: "Joel Baker" <lucifer@lightbearer.com>
Date: Tue, 17 Sep 2002 12:06:39 -0600
Message-id: <[🔎] 20020917180639.GA2052@lightbearer.com>
In-reply-to: <[🔎] 20020917145424.GB5912@matilda.phys.uu.nl>
References: <[🔎] 20020917140443.GA28527@hasseroeder.heim2.tu-clausthal.de> <[🔎] 20020917142505.GB24886@netexpress.net> <[🔎] 20020917143419.GA29215@hasseroeder.heim2.tu-clausthal.de> <[🔎] 20020917145424.GB5912@matilda.phys.uu.nl>

On Tue, Sep 17, 2002 at 04:54:24PM +0200, Bas Zoetekouw wrote:
> Hi Arvid!
> 
> You wrote:

[ snip ]

> > What is so bad about a signed
> > and scanned ID?
> 
> It's less secure. An ID is easily faked using gimp.

Ah, yes. Because Debian Developers are automatically familiar with all of
the ID formats one might reasonably present, and know how to check for
forgery of them.

Give me a good color printer (sub-dye would be best, it's what the local
DMV uses, but is not required), a pocket laminator, and enough money to
make it worth my time, and I'll bet I can fool 85% of DDs into accepting
the ID as valid, in person, when it does not bear accurate information.

Or do you expect every one of them to know what the various government
IDs look like, in what timeframe each one converted to using various
anti-forgery techniques, what those *are* for each state, and cover that
for every plausible state of identification for a given person? (Which,
barring in-depth knowledge of them, could often be over 100 plausible
identifying entities; 50 of them in the US alone).

It may be more secure, but only by the most marginal of degrees. It is
highly insufficient for preventing any form of determined attack (that is,
someone who WANTS "root on every Debian user's box"; the equipment named
above wouldn't cost more than $1000, today, probably much less), and it
isn't much more of a deterrent to cluelessness than requiring a photo ID.

Certainly, it is still prefferable to have the bar higher when reasonable,
but be realistic about the difference. It isn't that much of one, and there
is really very little call for making it an extreme bias which requires
"being at the other end of a continent from the nearest DD". Having made
a reasonable effort to get in touch with a local DD should suffice.

(For the record, yes, my proof of identity is a scanned ID; any developer
who is in or will be travelling to the Denver metro area is both welcomed
and encouraged to do a signature exchange. If you consider photo ID to be
insufficient after the above commentary, I'd be happy to provide other
supporting evidence, as well, but only in person.)
-- 
***************************************************************************
Joel Baker                           System Administrator - lightbearer.com
lucifer@lightbearer.com              http://users.lightbearer.com/lucifer/

Reply to:

Follow-Ups:
- Re: Trouble becoming a member
  - From: Bas Zoetekouw <b.zoetekouw@phys.uu.nl>
- Re: Trouble becoming a member
  - From: Steve Langasek <vorlon@netexpress.net>

References:
- Trouble becoming a member
  - From: Arvid Warnecke <arvid@nostalgix.org>
- Re: Trouble becoming a member
  - From: Steve Langasek <vorlon@netexpress.net>
- Re: Trouble becoming a member
  - From: Arvid Warnecke <arvid@nostalgix.org>
- Re: Trouble becoming a member
  - From: Bas Zoetekouw <bas@debian.org>

Prev by Date: Re: Trouble becoming a member
Next by Date: Re: Trouble becoming a member
Previous by thread: Re: Trouble becoming a member
Next by thread: Re: Trouble becoming a member
Index(es):
- Date
- Thread