[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Trouble becoming a member

On Tue, Sep 17, 2002 at 01:52:43PM -0500, Steve Langasek wrote:
> You're right of course that it's possible to fake photo IDs in many
> cases; however, photo IDs and physical meetings still protect against two
> other weaknesses -- man-in-the-middle attacks, and actual visual
> *identification* of the applicant.  All told, I think the security
> difference between the two techniques is much better than just marginal.

Hmmm. It does protect against MitM attacks, in that particular case,
though I can think of ways around this that don't require physical
meetings. Granted, however, that we don't currently require those for photo

Visual identification of the applicant isn't terribly meaningful; all it
establishes is that they have a card with their picture on it. It says
nothing about the veracity of that card, which is where the attack is in
that case. However, see below.

> Most people don't get signed into the ring by people from far distant
> lands (say, California), either; the web is large enough now that
> familiarity with the IDs of your own state, and possibly your neighboring
> states, should be enough to prevent mere $1,000 forgeries.  And when NMs
> can expect to spend maybe half a year in the queue anyway, the
> "reasonable effort" to contact a local DD should include a corresponding
> increase in effort to be considered reasonable.

This, I will grant, with one caveat: the question of whether DDs actually
do know this, and whether they are actively aware of it. They should be -
but are they? (And is this, perhaps, something to be noted in the FAQs, if

I don't know that I agree with spending half a year in the queue being
"reasonable", but it certainly does appear to be the current expectation.
Even with photo ID verified, I'm still trying to collect a signature to go
with it. Just found someone who seems likely to be meetable at some point
and dropped them private email, in fact.
Joel Baker                           System Administrator - lightbearer.com
lucifer@lightbearer.com              http://users.lightbearer.com/lucifer/

Attachment: pgpaBFgRfBWSq.pgp
Description: PGP signature

Reply to: