Manoj Srivastava <sriva...@debian.org> writes: > On Mon, Jun 22 2009, Russ Allbery wrote:
>> Going back to the previous discussion in debian-devel about signing a >> key for which the only IDs are pseudonyms, I personally would do >> that, but only if I knew the person personally and knew they were the >> person who used that pseudonym. Which means that in the event of >> smiting being necessary, I would personally be able to trace that key >> to a person. > The key signing then works for you to keep a marker that you > know the person behind the key, but it does not help the Debian project > at large, since you know where to deliver the smite, the current or > future officers of the project may not (especially if you have lost > interest and moved on to better things, as happen to people). For me, there are different levels of reproducibility required in signing a PGP key and in welcoming that person as a Debian Developer. I'm comfortable signing a key for a pseudonym under some circumstances, but I would be a lot more leery of accepting a Debian Developer only known to the project under a pseudonym, even if I knew who the person was personally. I could see it, but the circumstances would have to be fairly exceptional. > The thing is, your identification scheme fails the > reproducibility test; there is no way that the person with the pseudo > (i.e. lie [0]) name can't reproduce the identification challenge > with, say, me, or any wider test authority that does not belong to > the small subset of the people who know the person behind the key > well enough to make the smiting a viable deterrent, Right, this is something that I don't think is necessary for signing a key but which I would be more concerned with in adding someone as a Debian Developer. I sign role keys as well, which to me is a similar situation, but I wouldn't want someone to be able to upload to the repository using a role key. > The set of people familiar with the travel documents is likely > to be larger, and there are back channels to the authoritative > distributors which can be used to deliver the smite to, independent of > personal shared history with the aforementioned individual. For many Debian developers, I have no idea what country they're even from, and some names are quite common and not particularly useful as unique identifiers. I'm unlikely to remember the details of the government-issued ID that I saw when signing their key. I'm much more likely to be able to track down someone who would meet my standard for signing a key under a pseudonym than someone who I met at a key-signing party and checked via government ID. It is, however, a lot harder to write simple and straightforward rules around how one would do that sort of verification than it is to write the rules for a key-signing party using government ID. -- Russ Allbery (r...@debian.org) <http://www.eyrie.org/~eagle/> -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
