On 30 May 2006, Theodore Tso stated:
> On Tue, May 30, 2006 at 07:49:34AM -0500, Manoj Srivastava wrote:
>>> What Martin Krafft showed you was,
>>
>> How do I know that person actually was Martin Krafft?
>
> So if you have no idea whether or not someone was Martin Krafft, how
> can you ask everyone to revoke all signatures for Martin Krafft as
> you did earlier. That is really unreasonable.

        The person who I thought was Martin has apparently revealed that the identity documents that were presented to the key signing party participants were ones that did not come out of a trusted process. Typically, the identity papers are produced by official bodies, like governments, that have international treaties in place to assure a minimal conformance of identity checks. Given that, it is entirely reasonable to ask for signatures to be revoked, since this was not the first time such an "experiment" has apparently been conducted.

> Does that mean that if someone shows up at a future keysigning
> party at OLS, for example, with a Transnational Republic ID which
> has the name "Manoj Srivastava", that everyone would therefore be
> entitled to demand on debian-devel that all signatures for "Manoj
> Srivastava" should now be revoked?

        I would think that if an imposter was running around, and if people were no longer sure that such an imposter was the one whose ID they had based their signatures on, HELL YES!!!

> After all, we have no idea if anyone who might or might not have
> been "Manoj Srivastava" might or might not have produced
> identification documents that may or may not have been false. We
> don't know!

        Then please do revoke your signature on a key that purports to be mine.

> Do you see how ridiculous this is? How irrational you are being?

        I think you are the one being irrational talking about a "web of trust" and blithely signing keys for people who conduct "tests" to see how weak processes of "trust" are. If I, or someone posing as me, has ever done anything to damage trust in my identity, REVOKE YOUR SIGNATURES FROM MY KEY. Is that plain enough for you?

> Had Martin never mentioned this, it would have been a non-issue.
> There is no real damage. While signatures may have been based on a
> non-official ID, Martin did indeed own the key in question, so the
> end harm is zero. But Martin decided to publish this experiment

        Err, while you so assert, and perhaps you have inside information that enables you to make that statement, I have no such recourse. How do I know someone called Martin does own that key, except by hearsay?

> So, if KSPs are not changed, then the Web of trust becomes
> effectively worthless. Manoj should be far more concerned about
> that, than about Martin's demonstration of this.

        Well, KSP's in Debian are essentially dead, as far as I am concerned, since the community has not come to an agreement that bringing Bubba's passports is an unacceptable action. Everyone is acting the ostrich, claiming that the burden lies on the verification process of the signer, despite the fact that it is essentially impossible to detect the forgery without specialized equipment and access to government data files. Since we have rejected a social workaround of deprecating Bubba's passports (like, you know, in other unpublished "tests"), I fail to see how one can actually sign a key in the community. I can't tell Bubba's ID's from the official ones.

On 30 May 2006, Joe Smith told this:
> Let me try to spell it out another way. Either the entity at
> the KSP who was allegedly Martin Krafft was indeed Martin Krafft, or
> he was not. It must be one or the other; you seem to be arguing
> things both ways, and you don't get to do that.

        Sigh. Your logic is flawed. I met someone who claimed to be Martin. I find that there is now doubt about the papers presented by such an individual. A person who owns that key claims to have presented papers of uncertain provenance. If you think this has nothing to do with the validity of the process of signing that key, especially since my memory of the actual checking process is unclear, and that many people bought into those identity papers, I certainly am gonna lower the trust I place in your ability to determine how the web of trust is extended.

On 30 May 2006, Henning Makholm stated:
> Scripsit Manoj Srivastava <[EMAIL PROTECTED]>
>
>> Nothing that a general software developer can do to check an ID is
>> proof against a determined individual, we all assume that there is
>> a gentleman's agreement in place that such an attack is not
>> mounted.
>
> If you _really_ believed that you could depend on people keeping any
> gentleman's agreement, the whole charade of holding a KSP would be
> completely pointless.

        If you think that you can check an ID if there are no expectations of good faith, then you are sticking your head in the sand, and ignoring the fact that false identification papers, made from official blank passports, are readily available, in all parts of the world (despite what Ron Johnson said out of sheer ignorance).

> The only reason to hold a KSP is that one _does not_ believe that
> people are capable of keeping gentlemen's agreements.

        Then you might as well sign every key on the key servers -- since for a couple of hundred dollars anyone can present you with any ID.

> A security mechanism that only works in the non-presence of
> fraudsters is no security mechanism at all.
>
> A KSP that depends on there being any pre-existing trust to abuse is
> *completely worthless* as a KSP whether or not that trust is abused
> or not.

        You just dismissed signing PKA keys by individuals. There is no way that an individual with access to official records can determine if a particular passport is a "test" passport or not.

On 30 May 2006, Steve Langasek said:
> On Tue, May 30, 2006 at 06:28:32AM -0500, Manoj Srivastava wrote:
>> Nothing that a general software developer can do to check an ID is
>> proof against a determined individual, we all assume that there is
>> a gentleman's agreement in place that such an attack is not
>> mounted.
>
> I assume no such thing. I maintain a healthy degree of skepticism
> regarding the true motives and identities of everyone, including
> those whose keys I've signed. It just doesn't interfere with my
> ability to work with people in advancement of Debian's goals,
> because I recognize that statistically it can't *matter*: assuming
> the worst about people is no better than assuming the best, because
> it basically requires throwing away all collaboration in a project
> like this in spite of the fact that in over 10 years of Debian's
> existence

        In other words, in 10 years of Debian's existence, no one has violated the trust, so now you expect people not to bring in passports from Bubba. I agree. We have 10 years of history of people not violating the gentlemen's agreement that we are aware of.

> In other better words, Bubba is known to sell forgeries, but the
> Transnational Republic is not known to sell them.

        You might have a trust path to such information. I am pretty sure I do not. I see little difference between Bubba's Transnational Republic ID's and Transnational Republic's ID's that say Transnational Republic, given the knowledge I currently possess.

        manoj
-- 
Isn't air travel wonderful? Breakfast in London, dinner in New York, luggage in Brazil.
Manoj Srivastava <[EMAIL PROTECTED]> <http://www.debian.org/%7Esrivasta/>
1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C
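The thread argues over what revoking KSP signatures does to a key's standing in the web of trust. The following toy model is an added example, not code from the thread or from GnuPG: it applies the classic PGP validity rule (one fully trusted signer, or three marginally trusted signers, makes a key valid, the thresholds GnuPG's classic trust model defaults to) to a constructed keyring, revokes the signatures that three attendees made after checking the same doubtful ID, and shows the key dropping back to unknown validity while their signatures on other keys are untouched. It also checks the one mechanical fact in the signature block above: for an OpenPGP v4 key the short key id is the low 32 bits of the fingerprint. All key names (ALICE, BOB, CAROL, KEY_X, KEY_Y) and trust assignments are constructed.

```python
"""Toy web-of-trust validity model (added example, not code from the thread or GnuPG).

Models the question argued over in the mail: what happens to a key's validity
when the people who signed it at a key signing party (KSP) revoke those
signatures because the ID they checked turned out to be of doubtful provenance.
Thresholds copy GnuPG's classic trust-model defaults; keyring contents are
constructed for the example.
"""
from dataclasses import dataclass, field
import re

COMPLETES_NEEDED = 1   # fully trusted signers needed for full validity
MARGINALS_NEEDED = 3   # marginally trusted signers needed for marginal validity


@dataclass
class Keyring:
    # Owner trust *we* assign to each signer: "full", "marginal" or "none".
    owner_trust: dict[str, str]
    # key id -> set of signer key ids whose certification signatures it carries
    signatures: dict[str, set[str]] = field(default_factory=dict)

    def validity(self, key: str) -> str:
        """Classic PGP validity: count trusted signers, compare to thresholds."""
        signers = self.signatures.get(key, set())
        full = sum(1 for s in signers if self.owner_trust.get(s) == "full")
        marginal = sum(1 for s in signers if self.owner_trust.get(s) == "marginal")
        if full >= COMPLETES_NEEDED:
            return "full"
        if marginal >= MARGINALS_NEEDED:
            return "marginal"
        return "unknown"

    def revoke_signatures_on(self, key: str, signers: set[str]) -> set[str]:
        """Each signer in `signers` withdraws its own signature on `key`.

        Revocation is per signature: nothing else the signer certified changes.
        Returns the signers that actually had a signature to revoke.
        """
        existing = self.signatures.get(key, set())
        revoked = existing & signers
        self.signatures[key] = existing - revoked
        return revoked


def keyid_matches_fingerprint(keyid: str, fingerprint: str) -> bool:
    """OpenPGP v4: the 32-bit key id is the low 4 bytes of the 160-bit fingerprint,
    so a signature block's 'print ...' line can be checked against its key id."""
    hexdigits = re.sub(r"[^0-9A-Fa-f]", "", fingerprint)
    return len(hexdigits) == 40 and hexdigits[-8:].upper() == keyid.upper()


def ksp_revocation_demo() -> tuple[str, str]:
    """Constructed scenario: three marginally trusted attendees signed KEY_X
    after checking the same doubtful ID at a KSP, and also signed KEY_Y on a
    separate occasion. Returns KEY_X's validity (before, after) revocation."""
    ring = Keyring(
        owner_trust={"ALICE": "marginal", "BOB": "marginal", "CAROL": "marginal"},
        signatures={"KEY_X": {"ALICE", "BOB", "CAROL"},
                    "KEY_Y": {"ALICE", "BOB", "CAROL"}},
    )
    before = ring.validity("KEY_X")          # "marginal": three marginal signers
    ring.revoke_signatures_on("KEY_X", {"ALICE", "BOB", "CAROL"})
    after = ring.validity("KEY_X")           # "unknown": no trusted signers left
    # KEY_Y keeps its validity: the signers withdrew specific signatures,
    # not their own keys' trust.
    assert ring.validity("KEY_Y") == "marginal"
    return before, after


if __name__ == "__main__":
    print(ksp_revocation_demo())
    print(keyid_matches_fingerprint(
        "BF24424C", "4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C"))
```

The point the model makes concrete is that revocation is targeted: asking the KSP attendees to revoke their signatures on one key withdraws exactly the certifications that rested on the doubtful ID, and leaves the rest of the web of trust as it was.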