On Thu, Aug 03, 2000 at 04:47:31PM +0000, Dale Scheetz wrote:
> On Thu, 3 Aug 2000, Anand Kumria wrote:
> > Why do you continue to confuse the issue by bringing in the onerous task
> > furphy? It is all about trust.
> Well, I agree that I trust a keysigner, and that trust allows me to accept
> the signed image from the applicant.

This isn't true. Signing a key allows you to say that yes, the name in
the uid on the key really is the name of the guy who holds the key. If
I've signed someone's key after looking at their passport, that's all
I'm asserting. I'm not asserting that this person will represent himself
honestly in future, that he won't lie about how he looks, or where he
lives, or anything.

> I just can't understand the reluctance to satisfy this requirement except
> that it is viewed by some as being too hard. I cannot, for the life of me,
> figure out what harm there might be to the passport holder if I happen to
> have a digitized copy of his passport. Can someone explain to me just why
> the passport holder should feel threatened by the existence of an
> "uncontrolled" copy of his passport?

Suppose some other project requires a digitized passport as one of its
entry requirements. Voila, as an AM, you can join that project as some
other person.

Beyond that, passports are *very* sensitive documents. You don't give
them to other people long enough to make copies, physically or digitally.
A good fake passport (and a stolen bill, say) will let you open bank
accounts, get a driver's license, or whatever else.

*blink*

Even worse, is this clause:

    ``It is insufficient to sign the mail which includes the photo-ID as
    a whole. You should make sure to sign the ID image file itself.''

It should be completely satisfactory to send, in crypto-parlance:

    S_k{ "This is my signed id for n-m@debian.org" ; ID } .

That is, the entire message (including the key) signed once, not
separately. Anything else is open to replay attacks (someone trying to
join you up to a non-Debian project with similar identification
requirements, perhaps), which is not a Good Thing.

> >         Applicant A             Applicant B
> > - has public key        - has public key, signed by Wichert*
> > - has image signed by   - has no image file
> >   own public key
> > The current procedure says that Applicant A has fulfilled the identity
> > requirements. Applicant B has not.
> Applicant A has NOT fulfilled the identity requirements!!!!
> Applicant A must, in addition to the above, provide a real, live, contact
> who can verify the picture against the name.

Errr. What's the point of this latter? If it's a phone call, pay some
guy to lie for you ``Hi, I'm new in town, and I'm joining this project,
and they need to call a friend to verify that I am who's I say I am,
so do you mind if I give them your number, and when they call asking
about me, you can say yup, I yam who I yam? </ObPopeye>''. If it's an
email, you just need to use a relatively anonymous account (hotmail, or
a remailer) and do it yourself.

What's the point of asking someone we don't have any reason to trust
anything about the process? We have no reason to believe him. He has no
reason not to lie 'til he's blue in the face.

And in essence, isn't this saying, effectively, that we'll trust any
Joe off the street just as much as a Debian developer? If a developer
says the guy's who he says he is, that's good enough. If some Joe off
the street does too, well, that's good enough too.

I don't see what this buys anyone at all. On the downside, it's a
nuisance for applicants, it's an inaccurate test for inclusion (we want
to know if they're any good at making packages, not scanning images),
and it makes the process take longer.

> The image file satisfied our need as a group to be able to identify our
> members.

How does it do this? What does it buy us apart from just having a picture
of questionable accuracy on file? What's the *point*?

> > 1. (somewhat) Speedier processing for those applicants who are able to
> > convince existing Debian Developers to sign their key.
> We already have that, as they don't need to provide a phone contact for ID
> verification.

But they do for "evaluation and check-in", so what difference does it make?

Cheers,
aj

-- 
Anthony Towns <aj@humbug.org.au> <http://azure.humbug.org.au/~aj/>
I don't speak for anyone save myself. GPG signed mail preferred.

  ``We reject: kings, presidents, and voting.
    We believe in: rough consensus and working code.''
      -- Dave Clark
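
An added example, not part of the original mail: the difference between signing the ID image file by itself and signing one message S_k{ statement ; ID }, as seen by the project that checks it. It assumes HMAC-SHA256 as a stand-in for the PGP signature so that it runs on the Python standard library alone; the key, the image bytes and the second project's address are constructed.

```python
import hashlib
import hmac
import struct

# Assumption: HMAC-SHA256 stands in for the PGP signature S_k so this runs
# on the standard library alone; key, image and OTHER are constructed samples.
KEY = b"constructed-applicant-key"
ID_IMAGE = b"constructed passport scan bytes"
DEBIAN = b"This is my signed id for n-m@debian.org"
OTHER = b"This is my signed id for admissions@other-project.example"


def sign(data: bytes) -> bytes:
    return hmac.new(KEY, data, hashlib.sha256).digest()


def encode(statement: bytes, image: bytes) -> bytes:
    # Length-prefix the statement so the (statement, image) split is unambiguous.
    return struct.pack(">I", len(statement)) + statement + image


def accept_image_only(image: bytes, sig: bytes) -> bool:
    # Signature covers the image file alone: nothing says whom it was made for.
    return hmac.compare_digest(sign(image), sig)


def accept_bound(expected: bytes, statement: bytes, image: bytes, sig: bytes) -> bool:
    # One signature over statement + image; the verifier also insists that
    # the statement is the one naming its own project.
    if statement != expected:
        return False
    return hmac.compare_digest(sign(encode(statement, image)), sig)


def replay_outcomes() -> dict:
    image_sig = sign(ID_IMAGE)                  # made for Debian, image only
    bound_sig = sign(encode(DEBIAN, ID_IMAGE))  # made for Debian, bound
    return {
        # The other project runs the same check as Debian and cannot tell.
        "image_only_reused_elsewhere": accept_image_only(ID_IMAGE, image_sig),
        "bound_at_debian": accept_bound(DEBIAN, DEBIAN, ID_IMAGE, bound_sig),
        # Forwarded unchanged: the statement names the wrong project.
        "bound_forwarded": accept_bound(OTHER, DEBIAN, ID_IMAGE, bound_sig),
        # Statement swapped to suit the other project: signature breaks.
        "bound_statement_swapped": accept_bound(OTHER, OTHER, ID_IMAGE, bound_sig),
    }


if __name__ == "__main__":
    for name, accepted in replay_outcomes().items():
        print(f"{name}: {'accepted' if accepted else 'rejected'}")
```

The bound form only helps if each verifier checks that the signed statement names itself; a verifier that ignores the statement accepts a forwarded copy just as it would the bare image signature.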