Henning Makholm dijo [Wed, May 31, 2006 at 04:10:51AM +0200]: > Scripsit Javier Fernández-Sanguino Peña <[EMAIL PROTECTED]> > > > I do agree with Manoj that this was *not* a legitimate experiment (i.e. > > not a "red team" test) and that Martin *did* abuse our [0] trust [1] > > A KSP that depends on there being any pre-existing trust to abuse is > *completely worthless* as a KSP whether or not that trust is abused > or not.
Ummm... There is a certain metric of pre-existing trust that _does_ exist here. Lets go back to Martin's specific case, to exemplify. Many people have known Martin in person for several years. The people that do know him already will be very surprised and react right away if he wants to impersonate someone else (as an example, Alexander Schmehl, who was at Debconf and was part of the prepared sheets, but didn't take part in the end at the KSP). Of course, Martin could keep track of who knows him personally, and maybe even extrapolate on who is right away familiar with Alexander, and cleverly switch the fake and real IDs, not to raise suspiciousness. If he is standing in spot 104 (which in our list means "between Jeroen and Adeodato - who didn't participate, so Nicolas stands next to him"), however, he won't be allowed to present an ID with Alexander's name, as Alexander should have been standing in spot 38 (between me and Rodrigo Gallardo). Ok, so Martin, who is a bad person and a very good and clever actor, will play as he were taking part in the KSP, standing between Rodrigo and me. If somebody comes that probably knows Alexander or him personally, he will pretend he is just hanging around, chatting with people, and not signing keys. But here comes the bit of pre-existing trust we _do_ have: I know personally Alexander, have worked with him and can recognize him easily. And although I haven't talked as much with Martin, I can also easily recognize his face. If he is standing next to me the whole time, even if he is a great actor and doesn't allow me to doubt he is presenting a fake ID, it will be obvious for me he is impersonating somebody else. So, I denounce he is a fake, and nobody signs the fake Alexander's key. Yes, I'm picking the names of two well-known people in the project. It could be easier to impersonate, say, Raúl Odria or Mario Oyorzabal (both of which didn't attend), so this pre-existing trust is limited. But it clearly exists and counts for something, specially in well-connected groups such as ours. And this is an important factor to request people who are well known in the project not to skip the KSP if it happens as it happened this time (and as in the other proposals I've seen). Greetings, -- Gunnar Wolf - [EMAIL PROTECTED] - (+52-55)5623-0154 / 1451-2244 PGP key 1024D/8BB527AF 2001-10-23 Fingerprint: 0C79 D2D1 2C4E 9CE4 5973 F800 D80E F35A 8BB5 27AF -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
