On Tue, Sep 17, 2002 at 12:06:39PM -0600, Joel Baker wrote: > > > What is so bad about a signed > > > and scanned ID? > > It's less secure. An ID is easily faked using gimp. > Ah, yes. Because Debian Developers are automatically familiar with all of > the ID formats one might reasonably present, and know how to check for > forgery of them. > Give me a good color printer (sub-dye would be best, it's what the local > DMV uses, but is not required), a pocket laminator, and enough money to > make it worth my time, and I'll bet I can fool 85% of DDs into accepting > the ID as valid, in person, when it does not bear accurate information. > Or do you expect every one of them to know what the various government > IDs look like, in what timeframe each one converted to using various > anti-forgery techniques, what those *are* for each state, and cover that > for every plausible state of identification for a given person? (Which, > barring in-depth knowledge of them, could often be over 100 plausible > identifying entities; 50 of them in the US alone). > It may be more secure, but only by the most marginal of degrees. It is > highly insufficient for preventing any form of determined attack (that is, > someone who WANTS "root on every Debian user's box"; the equipment named > above wouldn't cost more than $1000, today, probably much less), and it > isn't much more of a deterrent to cluelessness than requiring a photo ID. > Certainly, it is still prefferable to have the bar higher when reasonable, > but be realistic about the difference. It isn't that much of one, and there > is really very little call for making it an extreme bias which requires > "being at the other end of a continent from the nearest DD". Having made > a reasonable effort to get in touch with a local DD should suffice. > (For the record, yes, my proof of identity is a scanned ID; any developer > who is in or will be travelling to the Denver metro area is both welcomed > and encouraged to do a signature exchange. If you consider photo ID to be > insufficient after the above commentary, I'd be happy to provide other > supporting evidence, as well, but only in person.) You're right of course that it's possible to fake photo IDs in many cases; however, photo IDs and physical meetings still protect against two other weaknesses -- man-in-the-middle attacks, and actual visual *identification* of the applicant. All told, I think the security difference between the two techniques is much better than just marginal. Most people don't get signed into the ring by people from far distant lands (say, California), either; the web is large enough now that familiarity with the IDs of your own state, and possibly your neighboring states, should be enough to prevent mere $1,000 forgeries. And when NMs can expect to spend maybe half a year in the queue anyway, the "reasonable effort" to contact a local DD should include a corresponding increase in effort to be considered reasonable. Steve Langasek postmodern programmer
Attachment:
pgpbi3YxCgEJh.pgp
Description: PGP signature