Re: [Debconf-discuss] list of valid documents for KSPs (was: Please revoke your signatures from Martin Kraff's keys)

2006-05-28 Thread Javier Fernández-Sanguino Peña
On Sat, May 27, 2006 at 02:12:48PM -0700, Steve Langasek wrote:
> On Sat, May 27, 2006 at 05:28:35PM +0200, Filippo Giunchedi wrote:
> > Is there a list of official documents (with photos) that we can consider
> > acceptable for a KSP?.  If there's not we definitely need one.
> > However this is rather tricky because the list itself should be authenticated
> > somehow, with a (gpg)signed photo of the person in charge for it? It seems clear
> > that having the list somehow authoritative creates a chicken-egg problem.
> 
> Not meaningful.  Individual KSP participants are still free to apply their
> own personal standards for ID verification; attempting to "standardize" them
> likely just means fewer KSP participants in the future.

Regardless of this, I think it would be nice to have a document (wikipedia
article?) listing official documents of countries all over the world. KSP
attendants need not base their decisions on this, but could be useful
as background information.

If someone opens up a Wikipedia article on this, maybe extending
http://en.wikipedia.org/wiki/Identity_document (which only describes
*national* cards) I would gladly contribute to it.

Regards

Javier


signature.asc
Description: Digital signature
___
Debconf-discuss mailing list
Debconf-discuss@lists.debconf.org
http://lists.debconf.org/mailman/listinfo/debconf-discuss


Re: [Debconf-discuss] Re: Please revoke your signatures from Martin Kraff's keys

2006-05-28 Thread Steve Langasek
On Sat, May 27, 2006 at 04:47:20PM -0500, martin f krafft wrote:

> The Debian project heavily relies on keysigning for much of its
> work. However, I think the question what the signing of a key
> actually accomplishes has not been properly addressed. In my
> opinion, from the point of view of the Debian project, a person's
> actual identity (as in the name on your birth certificate) matters
> very little; the Debian project does not actively interfere with
> a person's real life in such a way as to require the birth
> certificate identity (legal cases, liability issues, etc.).

I don't agree that the Debian project shouldn't care about being able to map
the names of its contributors back to real-world entities.  The work we do
in Debian has real-world impact on lots of people, and if someone attacks
the integrity of Debian from the inside they should expect real-world
consequences for doing so.

Having a contributor's real name is an aid to holding them accountable, even
though it's neither globally unique nor permanent.

> Moreover, it's rather trivial in several countries of this world to
> change your official name. In this context, even the claim that in
> the case of a trust abuse, your reputation throughout the FLOSS
> community (and the rest of the Internet) should be properly
> tarnished, does not stand, IMHO.

In the jurisdictions I'm familiar with, unless you're in a witness
protection program, changing one's official name is accompanied by open
court records showing the old and new names and it is thus not a terribly
effective means of avoiding pesky inconveniences like creditors and criminal
charges.  So legally changing your name isn't going to stop us from getting
your ass thrown in jail for computer crimes; OTOH, if you were using a
pseudonym in the first place and no one detected it, that may be more of an
obstacle.

> I imagine an improved protocol for the keysigning, which is based on
> an idea I overheard after the party (and someone mentioned it in the
> thread): instead of the everyone-signs-everyone approach, it might
> be interesting to investigate forming groups (based on connectivity
> statistics) such that everyone's mean distance in the web of trust
> can be increased by a fair amount in a short amount of time. At the
> same time, such circles could be used for education by those with
> high connectivity (and thus much experience). The problem here is of
> course the somewhat unreliable attendance of people. Comments
> welcome.

I agree that this is the way to go.  Who has time to work on implementing
the necessary code?

> also sprach Enrico Zini <[EMAIL PROTECTED]> [2006.05.25.1218 -0500]:
> > However, from the book you don't get the address of madduck's
> > home, which is what you want when you have to go and drag him to
> > jail if he willingly uploads some malicious code.

> Could you even drag me to jail for anything I do (or don't do) in
> Debian? Which jurisdiction would be used? Who'd be the prosecutor?
> What kind of legal claims would actually stand a chance?

There are federal computer crime laws in the US that would cover things like
trojaning packages or rooting Debian servers.
http://conventions.coe.int/Treaty/en/Treaties/Html/185.htm suggests that EU
member states should have laws criminalizing such activities as well, though
I don't know the implementation details of any.

That would certainly cover the majority of DDs today, anyway.  And for the
rest, we always have the CIA to kidnap them for us so they can be tried in
the US. :-P

-- 
Steve Langasek   Give me a lever long enough and a Free OS
Debian Developer   to set it on, and I can move the world.
[EMAIL PROTECTED]   http://www.debian.org/




Re: [Debconf-discuss] Re: Please revoke your signatures from Martin Kraff's keys

2006-05-28 Thread Christian Perrier
Quoting Andreas Barth ([EMAIL PROTECTED]):

> I know that Peter Palfrader (weasel) submits sometimes a clear fake key
> to KSPs and looks for people signing it. (No, there is nobody there who
> claims to be that person. Only the key on the list.)


For future reference, I personally dislike people trying to trick
down other people.

If the above is meant to later mail the people inadvertently signing
the "fake" key, I'm OK with it.

If this is intended to make a self-statement like "this person is not
trustworthy because she signed a key that wasn't in the keysigning
party", then I think this crosses my own personal line.






Re: [Debconf-discuss] Please revoke your signatures from Martin Kraff's keys

2006-05-28 Thread Lionel Elie Mamane
On Fri, May 26, 2006 at 12:33:54PM -0500, Gunnar Wolf wrote:

> Within the Schengen area (European Union plus Norway, Vatican,
> and... any others?), you travel between countries without even
> waving your passport at anybody.

Yes, but that's because the Schengen area is one area in this. You
still need proof of being allowed to be in the Schengen area. It is
only a change in scale, not in nature.

-- 
Lionel


Re: [Debconf-discuss] Re: Please revoke your signatures from Martin Kraff's keys

2006-05-28 Thread Lionel Elie Mamane
On Fri, May 26, 2006 at 04:54:19PM +0200, Javier Fernández-Sanguino Peña wrote:
> On Thu, May 25, 2006 at 05:45:42PM -0700, Paul Johnson wrote:
>> On Thursday 25 May 2006 15:26, Mike Hommey wrote:

>>> I'm pretty sure we can find official IDs that look so lame that you'd think
>>> it's a fake

> Also worth noting that Spanish driving license IDs are on that group.

> I have always wondered why they are useful in Spain for ID purposes (even for
> voting in general elections) since it's a boy's game to unstaple somebody's
> picture from his driving license and go vote with his ID and your picture in
> it [0]. Go figure.

> [0] As long as he doesn't go and vote too, since the people in the voting table
> would notice that he has voted twice and probably would have to reject the
> whole voting box of that table (as they would be unable to find and remove
> the previous voters' vote).

Nah, they would just keep the real guy from voting.

-- 
Lionel


Re: [Debconf-discuss] Please revoke your signatures from Martin Kraff's keys

2006-05-28 Thread Lionel Elie Mamane
On Sat, May 27, 2006 at 04:07:22PM +0200, Martijn van Oosterhout wrote:

> The obvious example is the UK, which insists on checking your
> passport if you come from the mainland.

The www.britishembassy.gov.uk website suggests EEA nationals need only
an ID card.

-- 
Lionel


Re: [Debconf-discuss] list of valid documents for KSPs

2006-05-28 Thread Thomas Bushnell BSG
Goswin von Brederlow <[EMAIL PROTECTED]> writes:

> But then again people could look up say Mexican IDs and visas before
> going to a KSP in Mexico so they have some clue what it should look
> like.

Actually, in the present case, I believe it turns out that Martin
Krafft's ID was exactly what it claimed to be, an identification card
issued by the Transnational Republic, which is not a fake-ID shop, but
is also not an actual government.

So if anything, the problem is *not* that we have trouble
distinguishing genuine credentials from forged ones.  

No.  The problem is that people have trouble distinguishing genuine
*nations* from forged ones.

So all those people who believe there is a country known as the
"Transnational Republic", should rightly have egg on their faces.

Fixing this problem, if indeed it is a problem, does not require us to
learn better how to distinguish genuine credentials from forged ones.
It might, however, require giving an atlas to Debian developers who
apparently think that the Transnational Republic is a real country.

Thomas



Re: [Debconf-discuss] list of valid documents for KSPs

2006-05-28 Thread Goswin von Brederlow
Steve Langasek <[EMAIL PROTECTED]> writes:

> On Sat, May 27, 2006 at 05:28:35PM +0200, Filippo Giunchedi wrote:
>> Is there a list of official documents (with photos) that we can consider
>> acceptable for a KSP?.  If there's not we definitely need one.
>> However this is rather tricky because the list itself should be authenticated
>> somehow, with a (gpg)signed photo of the person in charge for it? It seems clear
>> that having the list somehow authoritative creates a chicken-egg problem.
>
> Not meaningful.  Individual KSP participants are still free to apply their
> own personal standards for ID verification; attempting to "standardize" them
> likely just means fewer KSP participants in the future.

But then again people could look up say Mexican IDs and visas before
going to a KSP in Mexico so they have some clue what it should look
like.

If you take the list as informative instead of as exclusive it can
have meaning.

MfG
Goswin


Re: [Debconf-discuss] Please revoke your signatures from Martin Kraff's keys

2006-05-28 Thread Thiemo Seufer
Lionel Elie Mamane wrote:
> On Sat, May 27, 2006 at 04:07:22PM +0200, Martijn van Oosterhout wrote:
> 
> > The obvious example is the UK, which insists on checking your
> > passport if you come from the mainland.

Passport or ID Card, that is.

> The www.britishembassy.gov.uk website suggests EEA nationals need only
> an ID card.

A Passport is often recommended regardless. It doesn't get stamped.


Thiemo


[Debconf-discuss] Re: Please revoke your signatures from Martin Kraff's keys

2006-05-28 Thread Javier Fernández-Sanguino Peña
On Sat, May 27, 2006 at 04:47:20PM -0500, martin f krafft wrote:
> Dear Manoj, dear fellow DDs,

Hi, I'm just going to address the question you made that was directed to me.

> also sprach Javier Fernández-Sanguino Peña <[EMAIL PROTECTED]> 
> [2006.05.25.1300 -0500]:
> > FWIW, I noted down those keys I would *not* sign and didn't tell
> > the people at the KSP that I would not sign them. I guess his
> > experiment "only one in ten said that they would *not* sign it" is
> > moot unless he backs it up with the signatures he eventually got
> > sent from those he showed a wrong ID to.
> 
> Out of curiosity, did you mark my key to be "questionable"?

Yes. But then again, you have to trust that I did since you cannot 
see the (2) I added next to your name and the ID check :-)
(on a scale of 1-5 with 5 being the highest). You got a (2) (and
not a (1) like others did) not because of your ID but because we actually
talked throughout the Debconf.

> The point you raise is a valid one. However, given how many people
> just don't sign keys after keysignings, the data would be skewed in
> the other direction.

True. But skew is always present in lies^statistics :-)

> I do not yet understand why some people do not confront those with
> questionable IDs. Maybe you can shine some light on that.

For two reasons:

1.- People might not have a better ID (I guess I trust people to bring
their best ID to the KSP) and that means that: 
  a) they will be ashamed that they cannot provide a better ID
  b) they will be offended that I don't trust their national ID
  c) they will not understand why I'm asking for a better ID

2.- Lack of time and peer pressure ("you are taking too long!")

The only case in which I would bother explaining is 1-b, but with 2) taken
into account I did not have time to explain why their ID was not sufficient
for me. And I can actually do that (with a canned e-mail) after the KSP.

Hope that explains it.

Javier





Re: [Debconf-discuss] Re: Please revoke your signatures from Martin Kraff's keys

2006-05-28 Thread Junichi Uekawa
Hi,

> First of all, my name is Martin Felix Krafft (with a final 't'), and
> my GPG key ID is 0x330c4a75. The unofficial ID I presented listed
> that name (without the middle name), a photo is available from [1]
> (sorry, can't do better now). Thus, the ID card is an unofficial
> card, but the identity it claims is my real identity, not a fake
> one. To me, this is an important distinction in the context of this
> discussion.

This has opened a can of worms; because your transnational ID was as
official as it could get. Most of us do not know what other countries
consider to be official, and it's more of an intent and goodwill
rather than scientific or legally binding officialness that we are
signing and interchanging keys based on ID cards.


regards,
junichi
-- 
[EMAIL PROTECTED],netfort.gr.jp}   Debian Project


[Debconf-discuss] Alternative keysigning procedures

2006-05-28 Thread Andrew McMillan
On Sun, 2006-05-28 at 04:54 -0700, Steve Langasek wrote:
> On Sat, May 27, 2006 at 04:47:20PM -0500, martin f krafft wrote:
> 
> > I imagine an improved protocol for the keysigning, which is based on
> > an idea I overheard after the party (and someone mentioned it in the
> > thread): instead of the everyone-signs-everyone approach, it might
> > be interesting to investigate forming groups (based on connectivity
> > statistics) such that everyone's mean distance in the web of trust
> > can be increased by a fair amount in a short amount of time. At the
> > same time, such circles could be used for education by those with
> > high connectivity (and thus much experience). The problem here is of
> > course the somewhat unreliable attendance of people. Comments
> > welcome.
> 
> I agree that this is the way to go.  Who has time to work on implementing
> the necessary code?

It is something that has been discussed before, and it was certainly
something that I was discussing with Anibal after the keysigning.

The concept that Anibal and I were discussing post-keysigning was as
follows:

(a) Order the list of keysigning participants by centrality.

(b) Decide on a group size for the keysigning.  Something around 10-15
seems likely to be a worthwhile choice.

(c) Allocate participants to the groups in a round robin following
centrality order and starting with the most central.

Produce the keysigning list, with group numbers in addition to the key
numbers (or perhaps instead of).

All of the other pre-keysigning activities are the same.

At the keysigning, the initial reading out of MD5 / SHA1 of the
keysigning list would still happen, as it normally does.

After this, the keysigning would follow two parts:

Part One


People split into their assigned groups and cross-sign only within those
groups.  The intention is that these groups are small enough that
everyone can see everything that is going on.  Experienced people can be
observed performing comprehensive checks, and inexperienced people can
be educated.

Part Two


Optionally, after part one is complete, some people may choose to
personally and individually participate in keysignings outside of their
assigned groups.  Note that this can still be facilitated by the fact
that both individuals have their fingerprints within the keysigning
list.

==
Finito.
And gradually it fades out.


Rationale
=========

Keysignings stop being fun ways to meet people after about 15 minutes.
For me, the worst experience was in Helsinki, with around 300 people,
getting sunburned in a carpark.

Keysignings are about improving the web of trust.  The most efficient
enhancement of the web of trust will be if the edges exchange keys with
the middle.  Signing keys with _everyone_ is inefficient, unnecessary
and promotes competitive behaviour rather than trust relationships.

Keysignings should promote education of WoT best practices, and not
_worst_ practices.

Keysignings should not take more than one hour.


So that's my 2c.


If people agree that this would be a useful approach, I am willing to
undertake to provide some additional tools within the signing-party
package to make such a keysigning more easily doable.

Of course the above does not address how to handle the people who didn't
manage to get their act together soon enough to be in the initial list.
There are several ways to deal with this also:

1) The "additional list" is produced, SHA1'd, read, but these people can
only participate in "Part Two" above.

2) The "additional list" is produced and these people are also
allocated to groups in round robin, but randomly, rather than in
centrality order.

and no doubt there are other ways to deal with it...


Regards,
Andrew.

PS.  Please feel free to CC me on replies, since I am not subscribed to
Debian Devel and I _do_ have sane procmail dupe filters :-)

-
Andrew @ Catalyst .Net .NZ  Ltd,  PO Box 11-053, Manners St,  Wellington
WEB: http://catalyst.net.nz/PHYS: Level 2, 150-154 Willis St
DDI: +64(4)803-2201  MOB: +64(272)DEBIAN  OFFICE: +64(4)499-2267
Be different: conform.
-
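
The allocation in steps (a) to (c) above, with option 2 for late additions, sketched in Python as an added example (not part of the original message and not code from the signing-party package). It assumes centrality is ranked by total shortest-path distance over an undirected cross-signature graph; the participant labels and signature edges are constructed.

```python
"""Round-robin keysigning group allocation by centrality (added illustration)."""
import math
import random
from collections import deque

# Constructed sample data: undirected "have cross-signed" edges.
# Labels are placeholders, not real key IDs. "G" has no signatures yet.
PARTICIPANTS = ["A", "B", "C", "D", "E", "F", "G"]
SIGNATURES = [("A", "B"), ("A", "C"), ("A", "D"),
              ("A", "E"), ("B", "C"), ("D", "F")]


def build_graph(participants, edges):
    """Adjacency sets restricted to people actually on the keysigning list."""
    graph = {p: set() for p in participants}
    for a, b in edges:
        if a in graph and b in graph:  # ignore signers who are not attending
            graph[a].add(b)
            graph[b].add(a)
    return graph


def distance_sum(graph, start):
    """Total BFS distance from start to every other participant.

    Assumption: an unreachable key costs len(graph), so people with no
    path into the web of trust rank as least central. Ordering by this
    total is the same as ordering by mean distance.
    """
    dist = {start: 0}
    queue = deque([start])
    while queue:
        node = queue.popleft()
        for nxt in graph[node]:
            if nxt not in dist:
                dist[nxt] = dist[node] + 1
                queue.append(nxt)
    penalty = len(graph)
    return sum(dist.get(p, penalty) for p in graph if p != start)


def centrality_order(graph):
    """Step (a): most central first; ties broken by label for stability."""
    return sorted(graph, key=lambda p: (distance_sum(graph, p), p))


def allocate(ordered, group_size, late=(), rng=None):
    """Steps (b) and (c), plus option 2 for the additional list.

    ordered    -- participants in centrality order, most central first
    group_size -- target upper bound on people per group
    late       -- additional list; dealt out after the main list in
                  random order rather than centrality order
    """
    if group_size < 1:
        raise ValueError("group_size must be at least 1")
    late = list(late)
    (rng or random.Random()).shuffle(late)
    total = len(ordered) + len(late)
    n_groups = max(1, math.ceil(total / group_size))
    groups = [[] for _ in range(n_groups)]
    # Dealing in centrality order puts one of the most central keys in
    # every group before any group receives a second member.
    for i, key in enumerate(list(ordered) + late):
        groups[i % n_groups].append(key)
    return groups


if __name__ == "__main__":
    graph = build_graph(PARTICIPANTS, SIGNATURES)
    order = centrality_order(graph)
    for number, members in enumerate(allocate(order, 3), start=1):
        print(f"group {number}: {' '.join(members)}")
```
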





Re: [Debconf-discuss] Re: Please revoke your signatures from Martin Kraff's keys

2006-05-28 Thread Thomas Bushnell BSG
Junichi Uekawa <[EMAIL PROTECTED]> writes:

> This has opened a can of worms; because your transnational ID was as
> official as it could get. Most of us do not know what other countries
> consider to be official, and it's more of an intent and goodwill
> rather than scientific or legally binding officialness that we are
> signing and interchanging keys based on ID cards.

Wow, you thought there was a country called the Transnational
Republic?  Or you thought that Germany prints ID cards with
"Transnational Republic" on them?  Or what, exactly?



[Debconf-discuss] Re: Please revoke your signatures from Martin Kraff's keys

2006-05-28 Thread Manoj Srivastava
On 27 May 2006, martin f. krafft spake thusly:

> Dear Manoj, dear fellow DDs,
>
> I guess I could have known that this experiment of mine would turn
> into a huge thread, unfortunately extending across two mailing
> lists. Thus, it is surely in order for me to apologise for being the
> cause that your inboxes filled up.

Any act of deception, meant to exploit the weaknesses of the
 system rather than participating in a key signing in good faith is
 likely to have had this effect, yes.

> 0. http://blog.madduck.net/geek/2006.05.24-tr-id-at-keysigning
>
> First of all, my name is Martin Felix Krafft (with a final 't'), and
> my GPG key ID is 0x330c4a75. The unofficial ID I presented listed
> that name (without the middle name), a photo is available from [1]
> (sorry, can't do better now). Thus, the ID card is an unofficial
> card, but the identity it claims is my real identity, not a fake
> one. To me, this is an important distinction in the context of this
> discussion.

Err, so you claim. I have no means of determining if this is
 true.  The official ID's issued as travel papers have a certain trust
 metric: there are international agreements that are enforced when it
 comes to travel documents.  Each government, in order to allow its
 citizens the right of travel abroad, goes through certain measures to
 tie down the papers issued to their citizens, and there are various
 standards that are applicable to identity verification.  A so-called
 "unofficial" document, purchased from some unknown entity, which has
 not entered into these international agreements, does not carry the
 same weight.

The only reason for having a key signed is to associate an
 identity, even if indirectly, by proxy, via a government issued
 identity document; the tacit understanding is that the checks and
 verification conducted by the governments to meet the international
 agreements are "good enough".


Now let me talk about Bubba.  Bubba is an entrepreneur, who
 has dedicated his professional career  to serving the freshmen of
 University of Tennessee at Knoxville, in meeting their obligations
 and rights as college students to worship at the altar of Bacchus.
 On examinations of the Benjamins, and other documents bearing the
 imprints of various presidents of the United States, he provides you,
 after due process, travel documents of various domains and
 verisimilitude.

If I were to crack a key signing party, using Bubba's travel
 documents, I too would swear up and down the street that he indeed
 correctly and diligently verified all kinds of _other_ government
 ID's when practising his art.

Any one would have their right to doubt further protestations
 from a known cheater: how do we know this is not a further elaborate
 test of the credulity of the community at large?



>
> From within the project, what matters is that everything you do
> within the project can be attributed to one and the same person: the
> same person that went through our NM process. The GPG key is one
> technical measure to allow for this form of identification. Its
> purpose is not, as Micah Anderson states, a means to confirm the
> validity of a government-issued ID.

A GPG key that can not be traced to a real person who has
 introduced a trojan into Debian and has stolen valuable data
 (perhaps, just as another "test" to prove how stupid people are to
 trust Debian), is worth less than a key that can implicate a real
 person, and perhaps mitigate some damage done by the attack.

>> I do not need an ID to identify Martin, so I don't need to rely on
>> his (forged or real) passport or other id from him in order to
>> sign his key. If you did not know him before you should not sign
>> his key (if your judgement was based on the unofficial ID). 

>> Maybe we should just drop holding KSPs, and fall back to the
>> traditional method of "Hey, nice dinner we had yesterday. Say, now
>> that you know me, my family and my history, would you like to sign
>> my key as well?" - Signing for people you actually know, not just
>> linking
>
> In my eyes, this is exactly what a keysigning is and should be all
> about: a statement of familiarity with a person, nothing more and
> nothing less. And as a project, we should either accept that, or
> find a better way to identify our developers.

This is also silly --- what is the trust path he has to the
 cracker's identity?  Say, some person walks up to a LUG or linuxtag or
 debconf and says, "Hi, I am Donal Duck".  He proceeds to talk about
 free software, goes out for drinks, and tells a fine tale.  He does
 so again a year later, again calling himself Donal Duck.

Now, with the help of Bubba, he walks in, and our dear friend
 would happily sign the key of young Donal.  Knowing the person does
 no good for real identity verification if we accept the behaviour of
 presenting Bubba's identity papers.

> So what to do in this very situation? Should you re

[Debconf-discuss] Re: Please revoke your signatures from Martin Kraff's keys

2006-05-28 Thread Thomas Bushnell BSG
Manoj Srivastava <[EMAIL PROTECTED]> writes:

> Any act of deception, meant to exploit the weaknesses of the
>  system rather than participating in a key signing in good faith is
>  likely to have had this effect, yes.

That's true.  What about Martin's actions, as they have been reported,
makes you think there was any deception going on?

>  A so-called "unofficial" document, purchased from some unknown
>  entity, which has not entered into these international agreements,
>  does not carry the same weight.

Oh, this is certainly true.  But there isn't anything particularly
deceptive about me presenting an ID that is *not* from a government;
it simply shouldn't be accepted by itself as evidence of identity,
that's all.  It's certainly not dishonest.

Now, the first people who signed my Debian key were developers who
knew me personally.  They didn't look at any ID at all.  How's that?!
Seems perfectly reasonable to me.  The purpose of the ID is to satisfy
the signatory about identity; if they are otherwise satisfied, then
that's great.

And, incidentally, the Transnational Republic is not an unknown
entity in the objective sense, though certainly a given signer might
not know it.  Signers should certainly not trust IDs from
organizations they've never heard of.

But that doesn't mean that it's wrong to present an ID from such an
organization.  It might well be that the Transnational Republic's
procedures are sufficiently controlled that their IDs are perfectly
trustable, by those who know of its existence and nature.

(For example, my university ID card should not be adequate ID to
someone who doesn't know of the University of California or its
procedures for checking identity.  But to someone who does, perhaps to
a fellow member of the institution, the ID card might well be a
perfectly satisfactory basis for a signature on a key.)

> If I were to crack a key signing party, using Bubba's travel
>  documents, I too would swear up and down the street that he indeed
>  correctly and diligently verified all kinds of _other_ government
>  ID's when practising his art.

How is it "cracking" to use Bubba's documents?  People who do not know
and trust Bubba should not accept the ID, period.

> Any one would have their right to doubt further protestations
>  from a known cheater: how do we know this is not a further elaborate
>  test of the credulity of the community at large?

How does Martin rank as a "known cheater"?  You seem to be *assuming*
that he was dishonest, as part of your proof that what he did was
dishonest.  

This looks for all the world as if *YOU* were taken in, and rather
than wipe the egg off your face and promise to check IDs more
carefully in the future, you're blaming him for your failure to notice
that the Transnational Republic is not a real country.

> I have not, and never will sign your key, ever again.  I don't
>  trust you to present identity papers that are trustworthy -- unless I
>  can get a law enforcement official I select to test and verify your
>  papers, and possibly not then.

Really?  Why?  What has Martin done to lose your trust?  Please lead
me through it carefully, because it seems like you're skipping a
step.  Start with the evidence you have for your assertions, whatever
they are.

> Well, yes, since the KSP was indeed subverted, I am not
>  signing any keys from this event. I am considering not signing keys
>  from the Debian community, since it apparently condones Bubba ID
>  papers.

How was the KSP "subverted"?

Who has said that IDs from the Transnational Republic are condoned?

Thomas


Re: [Debconf-discuss] Re: Please revoke your signatures from Martin Kraff's keys

2006-05-28 Thread Steve Langasek
On Sun, May 28, 2006 at 08:57:55PM -0700, Thomas Bushnell BSG wrote:

> > If I were to crack a key signing party, using Bubba's travel
> >  documents, I too would swear up and down the street that he indeed
> >  correctly and diligently verified all kinds of _other_ government
> >  ID's when practising his art.

> How is it "cracking" to use Bubba's documents?  People who do not know
> and trust Bubba should not accept the ID, period.

Heh, I think you missed the subtext of Manoj's hypothetical, which is that
Bubba sells fake IDs to underage students.

-- 
Steve Langasek   Give me a lever long enough and a Free OS
Debian Developer   to set it on, and I can move the world.
[EMAIL PROTECTED]   http://www.debian.org/

