Re: [Debconf-discuss] Follow-up: additional checks you can do

2006-05-29 Thread Ben Hutchings 
Manoj Srivastava wrote: 
> On 27 May 2006, Moritz Muehlenhoff stated:
> 
> > I'm more in favour of the trouble-maker part. I had a printed copy
> > from Anibal because I was on the road in Mexico prior to DebConf and
> > couldn't make a printout in time.  If you would have asked, I would
> > have confirmed you that I had checked the file by the checksum read
> > aloud by Martin. In fact, my paper did even have checkmarks on it.
> 
> How do you know the piece pf paper you got came from the file
>  whose fingerprint was read?


It's not necessary to know that at the time of the KSP, because it only
serves as a list of names (and maybe some other identifiers such as DoB)
to be checked.  Of course it is essential to compare those details
between paper and file before selecting the keys to sign from the file.

Ben.

-- 
Ben Hutchings
Anthony's Law of Force: Don't force it, get a larger hammer.


signature.asc
Description: This is a digitally signed message part
___
Debconf-discuss mailing list
Debconf-discuss@lists.debconf.org
http://lists.debconf.org/mailman/listinfo/debconf-discuss

Re: [Debconf-discuss] Re: Please revoke your signatures from Martin Kraff's keys

2006-05-29 Thread Thomas Bushnell BSG 
Steve Langasek <[EMAIL PROTECTED]> writes:

> On Sun, May 28, 2006 at 08:57:55PM -0700, Thomas Bushnell BSG wrote:
>
>> > If I were to crack a key signing party, using Bubba's travel
>> >  documents, I too would swear up and down the street that he indeed
>> >  correctly and diligently verified all kinds of _other_ government
>> >  ID's when practising his art.
>
>> How is it "cracking" to use Bubba's documents?  People who do not know
>> and trust Bubba should not accept the ID, period.
>
> Heh, I think you missed the subtext of Manoj's hypothetical, which is that
> Bubba sells fake IDs to underage students.

So, if the ID says on it, "Bubba's Fake ID Shop", I'm not sure I see
the problem.  In other words, Bubba sells forgeries, but the
Transnational Republic does not.

Thomas
___
Debconf-discuss mailing list
Debconf-discuss@lists.debconf.org
http://lists.debconf.org/mailman/listinfo/debconf-discuss

Re: [Debconf-discuss] Please revoke your signatures from Martin Kraff's keys

2006-05-29 Thread Mauro Parra 
Hello, On 5/26/06, David Moreno Garza <[EMAIL PROTECTED]> wrote:
You _usually_ don't get your passport stamped? Really? In recent flights?I have never entered Mexico back without the Immigration seal.Yeah, depends on the mood of the one attending you. 
True! And even by plane! Which I found extremely suspicious when gramtold me he only used his Texas ID card to travel from there to Benito
Juárez airport.Americans need practically nothing to get into Mx. Just a "proof" of being americans (birth cert and so).  
> you were to that country. I have seen this both in Cuba and in> Israel.That's interesting.In the case of Cuba, they don't want to fuck your relations with US, since there is a fine for people buying cuban products (if you are american, of course; in my case, i can get some issues in my reentry to US if they see a cuban sell on my passport). 
 Regards,M-- Mauro Parrawww.mechulk.com
___
Debconf-discuss mailing list
Debconf-discuss@lists.debconf.org
http://lists.debconf.org/mailman/listinfo/debconf-discuss

Re: [Debconf-discuss] list of valid documents for KSPs (was: Please revoke your signatures from Martin Kraff's keys)

2006-05-29 Thread David Moreno Garza 
Javier Fernández-Sanguino Peña wrote:
> Regardless of this, I think it would be nice to have a document (wikipedia
> article?) listing official documents of countries all over the world. KSP
> attendants need not base their decissions on this, but could be useful
> as background information.
> 
> If someone opens up a Wikipedia article on this, maybe extending
> http://en.wikipedia.org/wiki/Identity_document (which only describes
> *national* cards) I would gladly contribute to it.

But again, should I trust someone else while checking the identity of
the holder of a weird (for me) passport?

-- 
David Moreno Garza <[EMAIL PROTECTED]>   |  http://www.damog.net/
   <[EMAIL PROTECTED]>  |  GPG: C671257D
 ¿Quién lo viera orinando en un cajero?

___
Debconf-discuss mailing list
Debconf-discuss@lists.debconf.org
http://lists.debconf.org/mailman/listinfo/debconf-discuss

[Debconf-discuss] Re: Please revoke your signatures from Martin Kraff's keys

2006-05-29 Thread Roberto C. Sanchez 
Manoj Srivastava wrote:
> On 27 May 2006, martin f. krafft spake thusly:
> 
> 
>>Dear Manoj, dear fellow DDs,
>>
>>I guess I could have known that this experiment of mine would turn
>>into a huge thread, unfortunately extending across two mailing
>>lists. Thus, it is surely in order for me to apologise for being the
>>cause that your inboxes filled up.
> 
> 
> Any act of deception, meant to exploit the weaknesses of the
>  system rather than participating in a key signing in good faith is
>  likely to have had this effect, yes.
> 

I'm sorry to join this thread, but I am wondering what Martin's
deception was.  As I understand it, he used a form of identification
which was issued by an organization which is not recognized as the
governing body of any place in particular.  The identification showed
his real name and real likeness [0].  He did not misrepresent any
information in either obtaining the document or in presenting it to
those who requested he identify himself.  So, to the best of my
reckoning, this is all really an issue dealing with the fact that there
exist organizations which we would not trust to do certain things.  I
think this is hardly an earth-shattering revelation.

-Roberto

[0] At least as far as those things have been previously known.

-- 
Roberto C. Sanchez
http://familiasanchez.net/~roberto


signature.asc
Description: OpenPGP digital signature
___
Debconf-discuss mailing list
Debconf-discuss@lists.debconf.org
http://lists.debconf.org/mailman/listinfo/debconf-discuss

Re: [Debconf-discuss] Alternative keysigning procedures

2006-05-29 Thread Aníbal Monsalve Salazar 
On Sun, May 28, 2006 at 06:40:28PM -0500, Andrew McMillan wrote:
>On Sun, 2006-05-28 at 04:54 -0700, Steve Langasek wrote:
>>On Sat, May 27, 2006 at 04:47:20PM -0500, martin f krafft wrote:
>>
>>>I imagine an improved protocol for the keysigning, which is based on
>>>an idea I overheard after the party (and someone mentioned it in the
>>>thread): instead of the everyone-signs-everyone approach, it might
>>>be interesting to investigate forming groups (based on connectivity
>>>statistics) such that everyone's mean distance in the web of trust
>>>can be increased by a fair amount in a short amount of time. At the
>>>same time, such circles could be used for education by those with
>>>high connectivity (and thus much experience). The problem here is of
>>>course the somewhat unreliable attendance of people. Comments
>>>welcome.
>>
>>I agree that this is the way to go.  Who has time to work on implementing
>>the necessary code?

[Sending to -devel only]

I just talked to a friend who is an expert in mathematics (Senior
Lecturer of Deakin University, Melbourne). He said the problem is
a discrete programming problem and could be represented as a
classical problem with a known solution algorithm. He will futher
look into this problem.

I'll do the coding of the optimization program (with his help).

>It is something that has been discussed before, and it was certainly
>something that I was discussing with Anibal after the keysigning.
>
>The concept that Anibal and I were discussing post-keysigning was as
>follows:
>
>(a) Order the list of keysigning participants by centrality.
>
>(b) Decide on a group size for the keysigning.  Something around 10-15
>seems likely to be a worthwhile choice.
>
>(c) Allocate partcipants to the groups in a round robin following
>centrality order and starting with the most central.

To allocate participants in each group we'll use the optimization
program to improve the mds of all ksp participants.

>Produce the keysigning list, with group numbers in addition to the key
>numbers (or perhaps instead of).
>
>All of the other pre-keysigning activities are the same.
>
>At the keysigning, the initial reading out of MD5 / SHA1 of the
>keysigning list would still happen, as it normally does.
>
>After this, the keysigning would follow two parts:
>
>Part One
>
>
>People split into their assigned groups and cross-sign only within those
>groups.  The intention is that these groups are small enough that
>everyone can see everything that is going on.  Experienced people can be
>observed performing comprehensive checks, and inexperienced people can
>be educated.
>
>Part Two
>
>
>Optionally, after part one is complete, some people may choose to
>personally and individually participate in keysignings outside of their
>assigned groups.  Note that this can still be facilitated by the fact
>that both individuals have their fingerprints within the keysigning
>list.

The group of "Part Two" could consist of people with the lowest mds
and people who want to participate in keysignings outside of their
"Part One" groups.

>==
>Finito.
>And gradually it fades out.
>
>
>Rationale
>=
>
>Keysignings stop being fun ways to meet people after about 15 minutes.
>For me, the worst experience was in Helsinki, with around 300 people,
>getting sunburned in a carpark.
>
>Keysignings are about improving the web of trust.  The most efficient
>enhancement of the web of trust will be if the edges exchange keys with
>the middle.  Signing keys with _everyone_ is inefficient, unnecessary
>and promotes competitive behaviour rather than trust relationships.
>
>Keysignings should promote education of WoT best practices, and not
>_worst_ practices.
>
>Keysignings should not take more than one hour.
>
>
>So that's my 2c.
>
>
>If people agree that this would be a useful approach, I am willing to
>undertake to provide some additional tools within the signing-party
>package to make such a keysigning more easily doable.
>
>Of course the above does not address how to handle the people who didn't
>manage to get their act together soon enough to be in the initial list.
>There are several ways to deal with this also:
>
>1) The "additional list" is produced, SHA1'd, read, but these people can
>only participate in "Part Two" above.
>
>2) The "additional list" is produced and these people are also
>allocated to groups in round robin, but randomly, rather than in
>centrality order.

Or we could use the optimization program to allocate people in the
"additional list" to the small groups.

>and no doubt there are other ways to deal with it...
>
>
>Regards,
>   Andrew.
>
>PS.  Please feel free to CC me on replies, since I am not subscribed to
>Debian Devel and I _do_ have sane procmail dupe filters :-)
>
>-
>Andrew @ Catalyst .Net .NZ  Ltd,  PO Box 11-053, Manners St,  Wellington
>WEB: http://catalyst.net.nz/

Re: [Debconf-discuss] Re: Please revoke your signatures from Martin Kraff's keys

2006-05-29 Thread Henrique de Moraes Holschuh 
On Sat, 27 May 2006, Penny Leach wrote:
> struck me as a little bit silly. Penny is clearly short for Penelope.

Only if you are reasonably well acquinted with the English language and
usual english names and nicknames.

> Perhaps this was my bad when I made the key & displayed a lack of foresight.

There is nothing stopping you from adding a new user-id with your full name
and the same email address as you have in your "Penny Leach" user-id.  In
fact, I suggest you do so and add that user-id.  People can chose which one
to sign, they are not forced to sign all user-ids in a key...

-- 
  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh
___
Debconf-discuss mailing list
Debconf-discuss@lists.debconf.org
http://lists.debconf.org/mailman/listinfo/debconf-discuss

[Debconf-discuss] Re: Please revoke your signatures from Martin Kraff's keys

2006-05-29 Thread Wouter Verhelst 
On Sun, May 28, 2006 at 10:37:39PM -0500, Manoj Srivastava wrote:
> On 27 May 2006, martin f. krafft spake thusly:
> > From within the project, what matters is that everything you do
> > within the project can be attributed to one and the same person: the
> > same person that went through our NM process. The GPG key is one
> > technical measure to allow for this form of identification. Its
> > purpose is not, as Micah Anderson states, a means to confirm the
> > validity of a government-issued ID.
> 
> A GPG key that can not be traced to a real person who has
>  introduced a trojan into Debian and has stolen valuable data
>  (perhaps, just as another "test" to prove how stupid people are to
>  trust Debian), is worth less than a key that can implicate a real
>  person, and perhaps mitigate some damage done by the attack.

You're making fun of yourself.

If someone willingly introduces a trojan into Debian, and they did so by
means of a GPG key bearing their own name, then we have no more or less
problems than when this would happen if done by means of a GPG key
bearing the name of 'Poo', the teletubbie. The fact that my key does
indeed bear my own name does not in any way 'mitigate' anything that I
might perhaps do to harm the Project (not that I in any way intend to do
so). The problem would exist, the damage would be done, and it would be
a real-world problem whether or not we would be able to point fingers.

Then there's the issue of tracing who did an actual upload into the real
world. A name on a GPG key is not, by any means, an effective way to do
that, since it does not contain enough information to get out the black
helicopters. Case in point:



I am not a professional volleybal player who make appearances on TV.
However, this person is, and he bears my name. It is written exactly the
same way. By way of a name on a GPG key _only_, you would be able to
trace anything I might have done to me; but it's just as likely that you
would trace it to this person instead.

What you really need is a way to link a name to an actual person. A GPG
key is not an effective means to do that. If you really want to link a
person's name to a GPG key, then a far more effective way of doing so is
looking at a person's email address (which is globally unique, unlike a
name), contacting the person in charge of the mail server, log the IP
addresses that fetch mail for that person, and contact the owner of the
netblock to find out the snail mail address or phone number of the
person involved.

In other words, I will not object to signing someone's GPG key if it
only contains a nickname rather than an official name (though I might
have second thoughts), but I will _not_ sign _any_ uid on a key of which
I have not personally verified that the person reading the email address
has access to the key.

> > In my eyes, this is exactly what a keysigning is and should be all
> > about: a statement of familiarity with a person, nothing more and
> > nothing less. And as a project, we should either accept that, or
> > find a better way to identify our developers.
> 
> This is also silly --- what is the trust path he has to the
>  crackers identity?  Say, some person walks up to a LUG or linuxtag or
>  debconf and says, "Hi, I am Donal Duck".  He proceeds to talk about
>  free software, goes out for drinks, and tells a fine tale.  He does
>  so again a year later, again calling himself Donal Duck.

This scenario seems highly unlikely.

I expect that anyone willing to work a whole year on building up trust
with people he intends to defraud would be just as willing to pay the
amount of money required to acquire counterfeited, but real-looking, ID
cards.

You are not the CIA, and even they are unable to say with 100% certainty
that people are who they claim to be. I suggest you let it go.

-- 
Fun will now commence
  -- Seven Of Nine, "Ashes to Ashes", stardate 53679.4
___
Debconf-discuss mailing list
Debconf-discuss@lists.debconf.org
http://lists.debconf.org/mailman/listinfo/debconf-discuss

[Debconf-discuss] For the next Debconf KSP: run a "pre-KSP" BOF before?

2006-05-29 Thread Christian Perrier 
A lot of interesting ideas and views have been exchanged during the
long thread about the KSP and related issues. We probably can at least
thanks Manoj (and indirectly Martin Krafft) for being the initiator of
that discussion.

Indeed, this leads me to think that scheduling a BOF/talk *before* the next
big KSP, if it happens at Debconf 7, would be a good thing to do.

We probably have a lot to learn from others in that matters, and that
certainly doesn't only include people who are new at KSP.

I bet that we have at least one person, in the Debian gang, who feels
solid enough on that topic to give a detailed talk about keysigning
and all related issues Don't be shy.

(/me hopes that this hasn't been suggested yet in the giant thread,
which I obviously didn't entirely read)

The only risk, indeed, is that there seem to be as many approaches to
KSP as there are keys in the Debian keyring...so summarizing "good
practices" might be hard...:). That shouldn't prevent us to try.

___
Debconf-discuss mailing list
Debconf-discuss@lists.debconf.org
http://lists.debconf.org/mailman/listinfo/debconf-discuss

Re: [Debconf-discuss] For the next Debconf KSP: run a "pre-KSP" BOF before?

2006-05-29 Thread martin f krafft 
also sprach Christian Perrier <[EMAIL PROTECTED]> [2006.05.30.0802 +0200]:
> A lot of interesting ideas and views have been exchanged during
> the long thread about the KSP and related issues. We probably can
> at least thanks Manoj (and indirectly Martin Krafft) for being the
> initiator of that discussion.

mh. not that I truly mind, but I would think I deserved a little
more "direct" credit at least. The outcome of my experiment is
*exactly* what I wanted; it could not have been better.

> Indeed, this leads me to think that scheduling a BOF/talk *before*
> the next big KSP, if it happens at Debconf 7, would be a good
> thing to do.

+1
Count me in.

> I bet that we have at least one person, in the Debian gang, who
> feels solid enough on that topic to give a detailed talk about
> keysigning and all related issues Don't be shy.

If noone else is interested, I'd do it.

> (/me hopes that this hasn't been suggested yet in the giant
> thread, which I obviously didn't entirely read)

You're the first.

> The only risk, indeed, is that there seem to be as many approaches
> to KSP as there are keys in the Debian keyring...so summarizing
> "good practices" might be hard...:). That shouldn't prevent us to
> try.

... and we are about to revolutionise it.

-- 
 .''`. martin f. krafft <[EMAIL PROTECTED]>
: :'  :proud Debian developer and author: http://debiansystem.info
`. `'`
  `-  Debian - when you have better things to do than fixing a system
 
dies ist eine manuell generierte email. sie beinhaltet
tippfehler und ist auch ohne großbuchstaben gültig.


signature.asc
Description: Digital signature (GPG/PGP)
___
Debconf-discuss mailing list
Debconf-discuss@lists.debconf.org
http://lists.debconf.org/mailman/listinfo/debconf-discuss