[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Trouble becoming a member



On Tue, Sep 17, 2002 at 08:13:50PM +0200, Bas Zoetekouw wrote:
> Hi Joel!
> 
> You wrote:
> 
> > Give me a good color printer (sub-dye would be best, it's what the local
> > DMV uses, but is not required), a pocket laminator, and enough money to
> > make it worth my time, and I'll bet I can fool 85% of DDs into accepting
> > the ID as valid, in person, when it does not bear accurate information.
> 
> I doubt that you'll be able to create a convincing forgery of a European
> passport, a European ID card, or a Dutch drivers license. Editing a
> scanned copy of one of these documents with <enter your favourite image
> editor here> is very much easier, and could probably be done by anyone
> capable of running windows.

I didn't say I would be able to forge a *specific* ID for in-person use.
But Debian's process does not specify I need any of those; only that I
need an ID card issued by a trustworthy (normally governmental) entity
that can identify me.

As such, if trying to forge it, I can choose *any* entity that I think I
could reasonably pass as a citizen of, when trying to defraud the system.
Many of them do not have the anti-forgery elements present in some IDs. For
that matter, not many US citizens I know would know, without researching
it, what to look for on a European ID card, or a Dutch driver's license - I
know I certainly don't know off the top of my head.

Do you know which anti-forging techniques are used in each of the 50 US
states? When they were initiated, and how long IDs are valid for from each
of them? Are you willing to avoid signing the key of anyone presenting a US
driver's license until you do? Is *every other* developer also willing to
do this, and do they understand that it is necessary?

> > It may be more secure, but only by the most marginal of degrees. 
> 
> Of course it isn't 100% secure. If you know a of way to achieve that,
> I'd be happy to hear it.  

I doubt there is one. That wasn't the point. My point is that the increase
in security is not *sufficiently large enough* to warrant the screaming
that occurs every time someone can't up and drive 150 miles because they
don't have an available vehicle, there isn't public transit to the area in
question, and no local DDs can be found to sign it. Some of us can't afford
to go to conferences readily, either, and don't work in jobs that will pay
for such.

Truly, I should have gotton my key signed by the booth geeks at the Linux
convention in San Jose a few years back. At the time, I didn't realize I
would ever want to be a DD. Of course, it's all a moot point right now,
anyway; key signed or not, nobody is becoming a DD at the moment.
-- 
***************************************************************************
Joel Baker                           System Administrator - lightbearer.com
lucifer@lightbearer.com              http://users.lightbearer.com/lucifer/

Attachment: pgp_TeKyki1NT.pgp
Description: PGP signature


Reply to: