On Tue, Sep 17, 2002 at 08:13:50PM +0200, Bas Zoetekouw wrote: > Hi Joel! > > You wrote: > > > Give me a good color printer (sub-dye would be best, it's what the local > > DMV uses, but is not required), a pocket laminator, and enough money to > > make it worth my time, and I'll bet I can fool 85% of DDs into accepting > > the ID as valid, in person, when it does not bear accurate information. > > I doubt that you'll be able to create a convincing forgery of a European > passport, a European ID card, or a Dutch drivers license. Editing a > scanned copy of one of these documents with <enter your favourite image > editor here> is very much easier, and could probably be done by anyone > capable of running windows. I didn't say I would be able to forge a *specific* ID for in-person use. But Debian's process does not specify I need any of those; only that I need an ID card issued by a trustworthy (normally governmental) entity that can identify me. As such, if trying to forge it, I can choose *any* entity that I think I could reasonably pass as a citizen of, when trying to defraud the system. Many of them do not have the anti-forgery elements present in some IDs. For that matter, not many US citizens I know would know, without researching it, what to look for on a European ID card, or a Dutch driver's license - I know I certainly don't know off the top of my head. Do you know which anti-forging techniques are used in each of the 50 US states? When they were initiated, and how long IDs are valid for from each of them? Are you willing to avoid signing the key of anyone presenting a US driver's license until you do? Is *every other* developer also willing to do this, and do they understand that it is necessary? > > It may be more secure, but only by the most marginal of degrees. > > Of course it isn't 100% secure. If you know a of way to achieve that, > I'd be happy to hear it. I doubt there is one. That wasn't the point. My point is that the increase in security is not *sufficiently large enough* to warrant the screaming that occurs every time someone can't up and drive 150 miles because they don't have an available vehicle, there isn't public transit to the area in question, and no local DDs can be found to sign it. Some of us can't afford to go to conferences readily, either, and don't work in jobs that will pay for such. Truly, I should have gotton my key signed by the booth geeks at the Linux convention in San Jose a few years back. At the time, I didn't realize I would ever want to be a DD. Of course, it's all a moot point right now, anyway; key signed or not, nobody is becoming a DD at the moment. -- *************************************************************************** Joel Baker System Administrator - lightbearer.com lucifer@lightbearer.com http://users.lightbearer.com/lucifer/
Attachment:
pgp_TeKyki1NT.pgp
Description: PGP signature