On Thu, Jun 11, 2009 at 04:45:29PM +1000, Aníbal Monsalve Salazar wrote:
...
> I was thinking about accepting only keys that don't suffer from the
> recently discovered weaknesses.
>
> What people think about that?

I think that's a good idea, given that people can sign with their old keys -- there seems little point in adding weight to a key that one is (should be) retiring in the not too distant future.

I have a suggestion for improving the mass-signing procedure.

People (manoj? ;-) criticise mass signings on the basis that they take too long and so by the end of it fatigue sets in and it becomes too easy to wave any old ID in front of some people and get them to accept it. The corollary of this is that the level of trust one puts in signatures issued at mass signings is only as high as the competence of the least competent person there, on a bad day.

I'd like to reverse that conclusion, so that the signatures generated at our keysignings deserve a level of trust closer to the most diligent person in the room. I think that can be achieved by a couple of simple changes.

First, people who are not present should be announced, and the people that are there should make note of that fact, so that someone cannot turn up late in the expectation of more sloppy ID checks.

Second, if someone decides not to sign a key on the basis of suspicious documents, they should announce that fact. I'd suggest that the announcement is done by shouting out the key number, and having someone record the numbers. The reason that I suggest shouting is that, despite that meaning that there may be a certain amount of chaos at the start as the dodgy keys are flushed out, it will establish a norm of rejecting dodgy ID, which should work against the default group-think that would be encouraging people not to make a fuss, and so err on the side of generosity. The shouting thing might better be done by having people put their hands up, to get permission to announce their suspicions, rather than everyone just yelling.

Other people can then decide to cross that person off their list straight away, or mark them for extra scrutiny, as they see fit. Likewise, late arrivals can expect to get extra scrutiny.

In this way the average level of scrutiny should be closer to the upper end of the paranoia of the people there. This would also eliminate people that have fake ID from places that most people wouldn't recognise at all -- we're almost bound to have a local that will recognise it as fake, and so not sign. By adding the denouncement procedure that key will get signed by nobody at the key signing, rather than getting signed by quite a lot of the people who would have been convinced.

I'm sure there are ways of optimising this idea.

Cheers, Phil.

_______________________________________________
Debconf-discuss mailing list
[email protected]
http://lists.debconf.org/mailman/listinfo/debconf-discuss
