Re: [Debconf-discuss] Re: Please revoke your signatures from Martin Kraff's keys
On Wed, Jun 07, 2006 at 01:22:56AM +0100, Wookey wrote:
> I have no idea what it would take to persuade you that I am who I say
> I am, but if you _only_ accept National Passports then it would appear
> to be impossible in my case (which I realise is something of a
> corner-case).

I would probably need to interact more with you than just be face to face in a KSP. As I said in my posts to the thread, that is a generic rule I apply with people I don't know. If I get to know people, talk to them, interact on- and offline then the ID checks might be more permissive as I have other ways to confirm that they are the real person that has access to the private key I'm going to sign.

HTH,

Javier
Re: Please revoke your signatures from Martin Kraff's keys
+++ Javier Fernández-Sanguino Peña [06-05-25 20:00 +0200]:
> That being said I (personally) already decided ...[people] not showing
> any passports or showing passports:
> - which did not have the *same* spelling as the name in the key (letter
>   by letter)
> will not get a signature from me.

That's fine of course. Everyone is entitled to their own ID-checking standards. But I should point out that my passport does not match the name on my key because my govt is incapable of issuing an ID with my correct name on it (apparently). Passport office software and issuing practice assumes that the name contains at least one space.

I have picture ID with my correct name on it but it is issued by entities much more 'fake' than the Transnational Republic (The Verein fuer Hohlenforscher in Bad Mittendorf, Austria, and Cambridge University library).

I have no idea what it would take to persuade you that I am who I say I am, but if you _only_ accept National Passports then it would appear to be impossible in my case (which I realise is something of a corner-case).

Wookey
-- 
Aleph One Ltd, Bottisham, CAMBRIDGE, CB5 9BA, UK  Tel +44 (0) 1223 811679
work: http://www.aleph1.co.uk/     play: http://www.chaos.org.uk/~wookey/

-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Please revoke your signatures from Martin Kraff's keys
On Thu, Jun 01, 2006 at 12:41:52AM +0200, Javier Fernández-Sanguino Peña wrote:
> On Mon, May 29, 2006 at 02:48:33PM +0200, Wouter Verhelst wrote:
> > Then there's the issue of tracing who did an actual upload into the
> > real world. A name on a GPG key is not, by any means, an effective way
> > to do that, since it does not contain enough information to get out
> > the black helicopters. Case in point:
> (...)
> Useless case, you seem to believe that police officers can only trace
> and obtain information from people through Google!

No, I don't. I'm just saying that the name tacked to a GPG key is of far less useful value than the email address which is tacked to the same.

> I do not know how many cases related to digital crimes you have been
> involved with or know of,

Not many, I'll admit.

> so please allow me to enlighten you how it could possibly work:
> - somebody named X gets a trojan in the Debian archive through a GPG key
> - SPI (not Debian as it does not have a legal entity in itself) brings
>   the case to a law agency claiming that X has committed a crime
> - the Police traces X to A, B and C (same names != same people)
> - the Police gathers evidence that A and B *might* be in possession of
>   the GPG key and might have done the attack (this includes things like
>   information from ISPs linking a telecommunications contract to a name,
>   data from their communication either publicly available or requested
>   from ISPs or servers)

There, here we are. You've admitted that just the name isn't enough and that the police needs more, which was my whole point. If they have a name which might be valid but an email address which is, I think they have a far better chance at finding the person responsible than if they have an email address which might be valid but a name which is.

[...]

-- 
Fun will now commence
  -- Seven Of Nine, "Ashes to Ashes", stardate 53679.4
Re: Please revoke your signatures from Martin Kraff's keys
On Mon, May 29, 2006 at 02:48:33PM +0200, Wouter Verhelst wrote:
> Then there's the issue of tracing who did an actual upload into the
> real world. A name on a GPG key is not, by any means, an effective way
> to do that, since it does not contain enough information to get out
> the black helicopters. Case in point:
(...)

Useless case, you seem to believe that police officers can only trace and obtain information from people through Google!

I do not know how many cases related to digital crimes you have been involved with or know of, so please allow me to enlighten you how it could possibly work:

- somebody named X gets a trojan in the Debian archive through a GPG key
- SPI (not Debian as it does not have a legal entity in itself) brings the case to a law agency claiming that X has committed a crime
- the Police traces X to A, B and C (same names != same people)
- the Police gathers evidence that A and B *might* be in possession of the GPG key and might have done the attack (this includes things like information from ISPs linking a telecommunications contract to a name, data from their communication either publicly available or requested from ISPs or servers)
- the Police asks for a search warrant, gets into A and B's house and seizes their computers
- the Police finds the private key associated with the GPG key in A's computer (maybe even evidence of the trojan itself)

Guess who is going to get prosecuted regardless of whether they have the same name?

If you think that's science fiction, maybe a TV series plot, or think that law agencies (or judges) are stupid and cannot gather evidence for a case in the digital age then think again [1]. Law agencies (in many countries) have enough budget and laws backing them to do that (and more). Given enough damage done by X (=A) through the trojan introduced in the archive or enough money laid down by SPI you bet there would be a thorough investigation of the case.

Regards

Javier

[1] Virus and worm writers have been busted with even less information (when the investigation started) than the information I leak while writing this e-mail.
Re: Please revoke your signatures from Martin Kraff's keys
On Thu, Jun 01, 2006 at 12:41:52AM +0200, Javier Fernández-Sanguino Peña [EMAIL PROTECTED] wrote:
> On Mon, May 29, 2006 at 02:48:33PM +0200, Wouter Verhelst wrote:
> > Then there's the issue of tracing who did an actual upload into the
> > real world. A name on a GPG key is not, by any means, an effective way
> > to do that, since it does not contain enough information to get out
> > the black helicopters. Case in point:
> (...)
> Useless case, you seem to believe that police officers can only trace
> and obtain information from people through Google!
>
> I do not know how many cases related to digital crimes you have been
> involved with or know of, so please allow me to enlighten you how it
> could possibly work:
> - somebody named X gets a trojan in the Debian archive through a GPG key
> - SPI (not Debian as it does not have a legal entity in itself) brings
>   the case to a law agency claiming that X has committed a crime
> - the Police traces X to A, B and C (same names != same people)

You'd have to skip this point if name(X) != name(A).

> - the Police gathers evidence that A and B *might* be in possession of
>   the GPG key and might have done the attack (this includes things like
>   information from ISPs linking a telecommunications contract to a name,
>   data from their communication either publicly available or requested
>   from ISPs or servers)

They'll have some trouble getting information from ISPs hosting a proxy of whatever outside the US.

Mike
Re: [Debconf-discuss] Re: Please revoke your signatures from Martin Kraff's keys
On Sun, May 28, 2006 at 08:57:55PM -0700, Thomas Bushnell BSG wrote:
> > If I were to crack a key signing party, using Bubba's travel
> > documents, I too would swear up and down the street that he indeed
> > correctly and diligently verified all kinds of _other_ government
> > ID's when practising his art.
> How is it cracking to use Bubba's documents? People who do not know and
> trust Bubba should not accept the ID, period.

Heh, I think you missed the subtext of Manoj's hypothetical, which is that Bubba sells fake IDs to underage students.

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
[EMAIL PROTECTED]                                   http://www.debian.org/
Re: Please revoke your signatures from Martin Kraff's keys
On Sun, May 28, 2006 at 10:37:39PM -0500, Manoj Srivastava wrote:
> On 27 May 2006, martin f. krafft spake thusly:
> > From within the project, what matters is that everything you do
> > within the project can be attributed to one and the same person: the
> > same person that went through our NM process. The GPG key is one
> > technical measure to allow for this form of identification. Its
> > purpose is not, as Micah Anderson states, a means to confirm the
> > validity of a government-issued ID.
> A GPG key that can not be traced to a real person who has introduced a
> trojan into Debian and has stolen valuable data (perhaps, just as
> another test to prove how stupid people are to trust Debian), is worth
> less than a key that can implicate a real person, and perhaps mitigate
> some damage done by the attack.

You're making fun of yourself. If someone willingly introduces a trojan into Debian, and they did so by means of a GPG key bearing their own name, then we have no more or less problems than when this would happen if done by means of a GPG key bearing the name of 'Poo', the teletubbie. The fact that my key does indeed bear my own name does not in any way 'mitigate' anything that I might perhaps do to harm the Project (not that I in any way intend to do so). The problem would exist, the damage would be done, and it would be a real-world problem whether or not we would be able to point fingers.

Then there's the issue of tracing who did an actual upload into the real world. A name on a GPG key is not, by any means, an effective way to do that, since it does not contain enough information to get out the black helicopters. Case in point:

http://www.volleyteam-roeselare.be/spelers/verhelst.htm

I am not a professional volleyball player who makes appearances on TV. However, this person is, and he bears my name. It is written exactly the same way.

By way of a name on a GPG key _only_, you would be able to trace anything I might have done to me; but it's just as likely that you would trace it to this person instead. What you really need is a way to link a name to an actual person. A GPG key is not an effective means to do that.

If you really want to link a person's name to a GPG key, then a far more effective way of doing so is looking at a person's email address (which is globally unique, unlike a name), contacting the person in charge of the mail server, log the IP addresses that fetch mail for that person, and contact the owner of the netblock to find out the snail mail address or phone number of the person involved.

In other words, I will not object to signing someone's GPG key if it only contains a nickname rather than an official name (though I might have second thoughts), but I will _not_ sign _any_ uid on a key of which I have not personally verified that the person reading the email address has access to the key.

> > In my eyes, this is exactly what a keysigning is and should be all
> > about: a statement of familiarity with a person, nothing more and
> > nothing less. And as a project, we should either accept that, or find
> > a better way to identify our developers.
> This is also silly --- what is the trust path he has to the cracker's
> identity? Say, some person walks up to a LUG or linuxtag or debconf and
> says, "Hi, I am Donal Duck". He proceeds to talk about free software,
> goes out for drinks, and tells a fine tale. He does so again a year
> later, again calling himself Donal Duck.

This scenario seems highly unlikely. I expect that anyone willing to work a whole year on building up trust with people he intends to defraud would be just as willing to pay the amount of money required to acquire counterfeited, but real-looking, ID cards.

You are not the CIA, and even they are unable to say with 100% certainty that people are who they claim to be. I suggest you let it go.

-- 
Fun will now commence
  -- Seven Of Nine, "Ashes to Ashes", stardate 53679.4
Re: [Debconf-discuss] Re: Please revoke your signatures from Martin Kraff's keys
On Sat, 27 May 2006 16:21:22 -0700 Paul Johnson [EMAIL PROTECTED] wrote:
> On Saturday 27 May 2006 16:12, Ron Johnson wrote:
> > Paul Johnson wrote:
> > > On Saturday 27 May 2006 14:12, Steinar H. Gunderson wrote:
> > > > On Sat, May 27, 2006 at 01:54:03PM -0700, Paul Johnson wrote:
> > > > > Oregon abolished the voting booth in 2000
> > > > Oh, so they get better counts and less fraud by doing away with
> > > > ballot secrecy. How wonderful.
> > > No, that's not how it works, your ballot is still secret. Think
> > > about it for a minute. You sign the mailing envelope, your ballot
> > > goes in a secrecy envelope. Elections compares signatures, opens
> > > the mailing envelope and saves it for the voter rolls, sends the
> > > secrecy envelope down the line off to the counting machines to be
> > > opened separately in some other room.
> > > > That is secrecy only to the government; not in general. For
> > > > instance, someone can easily pressure you into voting for party
> > > > or candidate X, _since they can verify it_ (just watch as you put
> > > > the ballot in the envelope, and make sure you post it). With a
> > > > voting booth, nobody can effectively pressure you, as your vote
> > > > is secret from everybody.
> > > Nobody can effectively pressure you, except everyone else in line,
> > > campaigners trolling the polling place, and the inability to get
> > > the day off to vote because polling places are only open 4-6 hours
> > > on election day. If you want to ignore that vote by mail is more
> > > secure than the voting booth, that's fine. Don't move to Oregon.
> > With vote-by-mail from the privacy (and seclusion) of your home,
> > who's to stop a political operative or angry husband from saying
> > "vote Democrat, or else!"?
> The fact you can go to the police, and you can vote wherever you
> please. If you're really that concerned about it, you can go down to
> county elections, say your ballot got lost in the mail or tell them
> that someone else coerced you (which voids the original ballot's
> mailing envelope, and if that mailing envelope gets cast, they void
> the ballot it contains) and they'll give you a fresh ballot and
> envelopes. You're welcome to vote at the elections office, but if you
> want privacy you're going to have to lock yourself in a restroom.
> Penalties for screwing with other people's votes here are severe.

That sounds like the same reason there's no more cases of battered and abused women. For some reason I'm not convinced.

Jacob
Re: Please revoke your signatures from Martin Kraff's keys
Javier Fernández-Sanguino Peña said [Sun, May 28, 2006 at 11:40:46PM +0200]:
> > > For me, yes, some questions asked, some delays involved, but no
> > > detailed background checks. I'm sure neither the FBI or the CIA (or,
> > > as for Mexican authorities, CISEN or PGR) were involved.
> > Then some government organizations do not take as stringent a set of
> > precautions as others do. That, by itself, is an unsurprising
> > statement.
> In Spain, you are *required* to have a national ID card (if you are
> over 18 years old), that means the Police will provide you with one
> regardless of what background checks they might want to run. That is,
> they *have* to provide you with a national ID card. Same happens with
> the passport BTW. Unless they want to remove you of it (because you are
> being prosecuted and they fear you might run away), they *have* to
> provide you with a passport. Not because it is a requirement, but
> because you have the *right* to travel abroad (at least it is in Spain)

There is a catch - And that catch forced me to do the military service. No, it's not a military service as you know it, it's more a joke than anything else (going every Saturday morning to do some social labor - planting trees, cleaning streets, etc. And taking a very small part in a parade). But anyway...

Our constitution grants any person in Mexico the right to travel, to exit the country at will. Ok, perfect. But now, what happens if the government does not want to issue you a passport? Simple: You can travel anywhere you want - as long as the destination country accepts you to enter. And, of course, no country (or, closer to the truth, very few countries) will allow you to enter without a passport.

If a Mexican is outside Mexico, he must be granted the right to go back there - and that can only be achieved by having a valid passport. Thus, I have at least three passports valid only for six months IIRC, from the time I lived in Israel.

But yes, once back in Mexico, and once my passport expired, I had to go through the military service to get a new one.

Greetings,

-- 
Gunnar Wolf - [EMAIL PROTECTED] - (+52-55)5623-0154 / 1451-2244
PGP key 1024D/8BB527AF 2001-10-23
Fingerprint: 0C79 D2D1 2C4E 9CE4 5973 F800 D80E F35A 8BB5 27AF
Re: [Debconf-discuss] Re: Please revoke your signatures from Martin Kraff's keys
Steve Langasek [EMAIL PROTECTED] writes:
> On Sun, May 28, 2006 at 08:57:55PM -0700, Thomas Bushnell BSG wrote:
> > > If I were to crack a key signing party, using Bubba's travel
> > > documents, I too would swear up and down the street that he indeed
> > > correctly and diligently verified all kinds of _other_ government
> > > ID's when practising his art.
> > How is it cracking to use Bubba's documents? People who do not know
> > and trust Bubba should not accept the ID, period.
> Heh, I think you missed the subtext of Manoj's hypothetical, which is
> that Bubba sells fake IDs to underage students.

So, if the ID says on it, "Bubba's Fake ID Shop", I'm not sure I see the problem. In other words, Bubba sells forgeries, but the Transnational Republic does not.

Thomas
Re: Please revoke your signatures from Martin Kraff's keys
On Sun, May 28, 2006 at 11:40:46PM +0200, Javier Fernández-Sanguino Peña wrote:
> (...) they *have* to provide you with a passport. Not because it is a
> requirement, but because you have the *right* to travel abroad (at
> least it is in Spain)

That's a human right, as defined by the Universal Declaration of Human Rights (article 13).

-- 
Lionel
Re: Please revoke your signatures from Martin Kraff's keys
Tyler MacDonald wrote:
> WTF? In Oregon, if you have a driver's license, you cannot get an ID
> card. If you have an ID card, you have to surrender it to get a
> driver's license. You're only legally allowed one ID.
>
> Weird!

Not really, same rules apply in Virginia, AFAIK. You can still keep your birth certificate and social security card though, right? Neither of those are photo IDs.
Re: [Debconf-discuss] Re: Please revoke your signatures from Martin Kraff's keys
On Sat, May 27, 2006 at 04:47:20PM -0500, martin f krafft wrote:
> The Debian project heavily relies on keysigning for much of its work.
> However, I think the question what the signing of a key actually
> accomplishes has not been properly addressed. In my opinion, from the
> point of view of the Debian project, a person's actual identity (as in
> the name on your birth certificate) matters very little; the Debian
> project does not actively interfere with a person's real life in such
> a way as to require the birth certificate identity (legal cases,
> liability issues, etc.).

I don't agree that the Debian project shouldn't care about being able to map the names of its contributors back to real-world entities. The work we do in Debian has real-world impact on lots of people, and if someone attacks the integrity of Debian from the inside they should expect real-world consequences for doing so. Having a contributor's real name is an aid to holding them accountable, even though it's neither globally unique nor permanent.

> Moreover, it's rather trivial in several countries of this world to
> change your official name. In this context, even the claim that in the
> case of a trust abuse, your reputation throughout the FLOSS community
> (and the rest of the Internet) should be properly tarnished, does not
> stand, IMHO.

In the jurisdictions I'm familiar with, unless you're in a witness protection program, changing one's official name is accompanied by open court records showing the old and new names and it is thus not a terribly effective means of avoiding pesky inconveniences like creditors and criminal charges. So legally changing your name isn't going to stop us from getting your ass thrown in jail for computer crimes; OTOH, if you were using a pseudonym in the first place and no one detected it, that may be more of an obstacle.

> I imagine an improved protocol for the keysigning, which is based on an
> idea I overheard after the party (and someone mentioned it in the
> thread): instead of the everyone-signs-everyone approach, it might be
> interesting to investigate forming groups (based on connectivity
> statistics) such that everyone's mean distance in the web of trust can
> be increased by a fair amount in a short amount of time. At the same
> time, such circles could be used for education by those with high
> connectivity (and thus much experience). The problem here is of course
> the somewhat unreliable attendance of people. Comments welcome.

I agree that this is the way to go. Who has time to work on implementing the necessary code?

> also sprach Enrico Zini [EMAIL PROTECTED] [2006.05.25.1218 -0500]:
> > However, from the book you don't get the address of madduck's home,
> > which is what you want when you have to go and drag him to jail if
> > he willingly uploads some malicious code.
> Could you even drag me to jail for anything I do (or don't do) in
> Debian? Which jurisdiction would be used? Who'd be the prosecutor?
> What kind of legal claims would actually stand a chance?

There are federal computer crime laws in the US that would cover things like trojaning packages or rooting Debian servers. http://conventions.coe.int/Treaty/en/Treaties/Html/185.htm suggests that EU member states should have laws criminalizing such activities as well, though I don't know the implementation details of any. That would certainly cover the majority of DDs today, anyway. And for the rest, we always have the CIA to kidnap them for us so they can be tried in the US. :-P

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
[EMAIL PROTECTED]                                   http://www.debian.org/
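The group-based keysigning idea quoted above turns on measuring trust-path length in the web of trust. The following is an added example, not code from this thread or from any Debian keysigning tool: it models signatures as a directed graph, computes mean shortest path between keys with BFS, and compares an everyone-signs-everyone circle with the best trio chosen by brute force. Key IDs K1..K7, their signatures and the `score` metric (unreachable pairs charged the maximum path length) are constructed assumptions of this example.

```python
"""Added example (not from the thread): measure how a keysigning session
changes the mean trust-path length in a small web of trust, modelled as a
directed graph of signer -> signee edges.  Key IDs K1..K7 and their
signatures are constructed sample data, not real keys."""
from collections import deque
from itertools import combinations

# Constructed sample: who has already signed whom before the party.
SAMPLE_SIGS = {
    "K1": {"K2", "K7"},
    "K2": {"K1", "K3"},
    "K3": {"K2"},
    "K4": {"K5"},
    "K5": {"K4"},
    "K6": set(),        # brand-new key, no signatures yet
    "K7": {"K1"},
}


def build_graph(sigs):
    """Return {key: set of keys it has signed}, with every mentioned key present."""
    graph = {k: set(v) for k, v in sigs.items()}
    for signees in sigs.values():
        for s in signees:
            graph.setdefault(s, set())
    return graph


def distances_from(graph, src):
    """Breadth-first search along signatures: shortest trust path from src."""
    dist = {src: 0}
    queue = deque([src])
    while queue:
        cur = queue.popleft()
        for nxt in graph[cur]:
            if nxt not in dist:
                dist[nxt] = dist[cur] + 1
                queue.append(nxt)
    return dist


def _pair_stats(graph):
    """(sum of path lengths, reachable ordered pairs, unreachable ordered pairs)."""
    total = reachable = unreachable = 0
    for src in graph:
        dist = distances_from(graph, src)
        for dst in graph:
            if dst == src:
                continue
            if dst in dist:
                total += dist[dst]
                reachable += 1
            else:
                unreachable += 1
    return total, reachable, unreachable


def mean_distance(graph):
    """Mean trust-path length over reachable ordered pairs, and how many
    ordered pairs have no path at all (the pairs a KSP should eliminate)."""
    total, reachable, unreachable = _pair_stats(graph)
    mean = total / reachable if reachable else float("inf")
    return mean, unreachable


def with_mutual_signatures(graph, group):
    """Copy of graph after everyone in group has signed everyone else in it."""
    new = {k: set(v) for k, v in graph.items()}
    for a in group:
        new.setdefault(a, set()).update(b for b in group if b != a)
    return new


def score(graph):
    """Assumed comparison metric: mean length over all ordered pairs, with an
    unreachable pair charged len(graph), longer than any real path."""
    n = len(graph)
    total, reachable, unreachable = _pair_stats(graph)
    return (total + unreachable * n) / (reachable + unreachable)


def best_group(graph, attendees, size):
    """Brute force over party attendees: which `size` of them should form one
    signing circle to lower the score the most?  Fine for a party-sized
    list; a real implementation would use connectivity statistics instead."""
    best = None
    for group in combinations(sorted(attendees), size):
        s = score(with_mutual_signatures(graph, group))
        if best is None or s < best[1]:
            best = (group, s)
    return best


if __name__ == "__main__":
    g = build_graph(SAMPLE_SIGS)
    print("before:", mean_distance(g), "score", round(score(g), 3))
    everyone = with_mutual_signatures(g, ["K3", "K4", "K6"])
    print("K3/K4/K6 sign each other:", mean_distance(everyone))
    print("best trio of K1,K3,K4,K6:", best_group(g, ["K1", "K3", "K4", "K6"], 3))
```

On the sample data, the circle K3/K4/K6 connects everything but leaves a mean distance of 96/42, while the trio K1/K4/K6 (which includes the best-connected key) gets the score down to 2.0.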
Re: Please revoke your signatures from Martin Kraff's keys
This one time, at band camp, Paul Johnson said:
> On Saturday 27 May 2006 16:49, Thomas Bushnell BSG wrote:
> > Paul Johnson [EMAIL PROTECTED] writes:
> > > The vote at champoeg was when the Oregon Territory voted to become
> > > Canadian. We're on the south side of the border exclusively due to
> > > the threat of military force when the US couldn't handle the fact
> > > that we don't want them here the first time around. That's not
> > > democracy, that's coercion.
> > Does it matter any more? Surely the opinions of a majority of
> > *present day* Oregonians matters a whole lot more, right?
> Not many of the locals I talk about this with are terribly happy with
> the situation today, either.

And I'm really having a hard time seeing what the purported national allegiance of Oregon has to do with developing an OS. Private mail, please, for the remainder of this silly and oversized thread.

-- 
 ,''`.  Stephen Gran
: :' :  [EMAIL PROTECTED]
`. `'   Debian user, admin, and developer
  `-    http://www.debian.org
Re: [Debconf-discuss] Re: Please revoke your signatures from Martin Kraff's keys
Quoting Andreas Barth ([EMAIL PROTECTED]):
> I know that Peter Palfrader (weasel) submits sometimes a clear fake key
> to KSPs and looks for people signing it. (No, there is nobody there who
> claims to be that person. Only the key on the list.)

For future reference, I personally dislike people trying to trick down other people. If the above is meant to later mail the people inadvertently signing the fake key, I'm OK with it. If this is intended to make a self-statement like "this person is not trustworthy because she signed a key that wasn't in the keysigning party", then I think this crosses my own personal line.
Re: Please revoke your signatures from Martin Kraff's keys
On Sat, May 27, 2006 at 01:55:44PM -0500, Manoj Srivastava wrote:
> On 27 May 2006, Gunnar Wolf verbalised:
> > For me, yes, some questions asked, some delays involved, but no
> > detailed background checks. I'm sure neither the FBI or the CIA (or,
> > as for Mexican authorities, CISEN or PGR) were involved.
> Then some government organizations do not take as stringent a set of
> precautions as others do. That, by itself, is an unsurprising
> statement.

In Spain, you are *required* to have a national ID card (if you are over 18 years old), that means the Police will provide you with one regardless of what background checks they might want to run. That is, they *have* to provide you with a national ID card. Same happens with the passport BTW. Unless they want to remove you of it (because you are being prosecuted and they fear you might run away), they *have* to provide you with a passport. Not because it is a requirement, but because you have the *right* to travel abroad (at least it is in Spain)

Regards

Javier
Re: Please revoke your signatures from Martin Kraff's keys
On Sat, May 27, 2006 at 04:47:20PM -0500, martin f krafft wrote:
> Dear Manoj, dear fellow DDs,

Hi, I'm just going to address the question you made that was directed to me.

> also sprach Javier Fernández-Sanguino Peña [EMAIL PROTECTED] [2006.05.25.1300 -0500]:
> > FWIW, I noted down those keys I would *not* sign and didn't tell the
> > people at the KSP that I would not sign them. I guess his experiment
> > (only one in ten said that they would *not* sign it) is moot unless
> > he backs it up with the signatures he eventually got sent from those
> > he showed a wrong ID to.
> Out of curiosity, did you mark my key to be questionable?

Yes. But then again, you have to trust that I did since you cannot see the (2) I added next to your name and the ID check :-) (on a scale of 1-5 with 5 being the highest). You got a (2) (and not a (1) like others did) not because of your ID but because we actually talked throughout the Debconf.

> The point you raise is a valid one. However, given how many people just
> don't sign keys after keysignings, the data would be skewed in the
> other direction.

True. But skew is always present in lies^statistics :-)

> I do not yet understand why some people do not confront those with
> questionable IDs. Maybe you can shine some light on that.

For two reasons:

1.- People might not have a better ID (I guess I trust people to bring their best ID to the KSP) and that means that:
  a) they will be ashamed that they cannot provide a better ID
  b) they will be offended that I don't trust their national ID
  c) they will not understand why I'm asking for a better ID

2.- Lack of time and peer pressure ("you are taking too long!")

The only case in which I would bother explaining is 1-b, but with 2) taken into account I did not have time to explain why their ID was not sufficient for me. And I can actually do that (with a canned e-mail) after the KSP.

Hope that explains it.

Javier
Re: [Debconf-discuss] Re: Please revoke your signatures from Martin Kraff's keys
Hi,

> First of all, my name is Martin Felix Krafft (with a final 't'), and my
> GPG key ID is 0x330c4a75. The unofficial ID I presented listed that
> name (without the middle name), a photo is available from [1] (sorry,
> can't do better now). Thus, the ID card is an unofficial card, but the
> identity it claims is my real identity, not a fake one. To me, this is
> an important distinction in the context of this discussion.

This has opened a can of worms; because your transnational ID was as official as it could get. Most of us do not know what other countries consider to be official, and it's more of an intent and goodwill rather than scientific or legally binding officialness that we are signing and interchanging keys based on ID cards.

regards,
junichi
-- 
[EMAIL PROTECTED],netfort.gr.jp}
Debian Project
Re: [Debconf-discuss] Re: Please revoke your signatures from Martin Kraff's keys
Junichi Uekawa [EMAIL PROTECTED] wrote:
> This has opened a can of worms; because your transnational ID was as
> official as it could get. Most of us do not know what other countries
> consider to be official, and it's more of an intent and goodwill
> rather than scientific or legally binding officialness that we are
> signing and interchanging keys based on ID cards.

If there's anyone who should be revoking signatures, it's the people who are signing keys without being fairly certain that they belong to the correct person. This really shouldn't be controversial.

-- 
Matthew Garrett | [EMAIL PROTECTED]
Re: [Debconf-discuss] Re: Please revoke your signatures from Martin Kraff's keys
Junichi Uekawa [EMAIL PROTECTED] writes:
> This has opened a can of worms; because your transnational ID was as
> official as it could get. Most of us do not know what other countries
> consider to be official, and it's more of an intent and goodwill
> rather than scientific or legally binding officialness that we are
> signing and interchanging keys based on ID cards.

Wow, you thought there was a country called the Transnational Republic? Or you thought that Germany prints ID cards with "Transnational Republic" on them? Or what, exactly?
Re: Please revoke your signatures from Martin Kraff's keys
On 27 May 2006, martin f. krafft spake thusly:

> Dear Manoj, dear fellow DDs, I guess I could have known that this experiment of mine would turn into a huge thread, unfortunately extending across two mailing lists. Thus, it is surely in order for me to apologise for being the cause that your inboxes filled up.

Any act of deception, meant to exploit the weaknesses of the system rather than participating in a key signing in good faith is likely to have had this effect, yes.

> 0. http://blog.madduck.net/geek/2006.05.24-tr-id-at-keysigning
>
> First of all, my name is Martin Felix Krafft (with a final 't'), and my GPG key ID is 0x330c4a75. The unofficial ID I presented listed that name (without the middle name), a photo is available from [1] (sorry, can't do better now). Thus, the ID card is an unofficial card, but the identity it claims is my real identity, not a fake one. To me, this is an important distinction in the context of this discussion.

Err, so you claim. I have no means of determining if this is true. The official IDs issued as travel papers have a certain trust metric: there are international agreements that are enforced when it comes to travel documents. Each government, in order to allow its citizens the right of travel abroad, goes through certain measures to tie down the papers issued to their citizens, and there are various standards that are applicable to identity verification. A so-called unofficial document, purchased from some unknown entity, which has not entered into these international agreements, does not carry the same weight. The only reason for having a key signed is to associate an identity, even if indirectly, by proxy, via a government issued identity document; the tacit understanding is that the checks and verification conducted by the governments to meet the international agreements are good enough.

Now let me talk about Bubba.

Bubba is an entrepreneur, who has dedicated his professional career to serving the freshmen of University of Tennessee at Knoxville, in meeting their obligations and rights as college students to worship at the altar of Bacchus. On examinations of the Benjamins, and other documents bearing the imprints of various presidents of the United States, he provides you, after due process, travel documents of various domains and verisimilitude. If I were to crack a key signing party, using Bubba's travel documents, I too would swear up and down the street that he indeed correctly and diligently verified all kinds of _other_ government IDs when practising his art. Anyone would have their right to doubt further protestations from a known cheater: how do we know this is not a further elaborate test of the credulity of the community at large?

> From within the project, what matters is that everything you do within the project can be attributed to one and the same person: the same person that went through our NM process. The GPG key is one technical measure to allow for this form of identification. Its purpose is not, as Micah Anderson states, a means to confirm the validity of a government-issued ID.

A GPG key that can not be traced to a real person who has introduced a trojan into Debian and has stolen valuable data (perhaps, just as another test to prove how stupid people are to trust Debian), is worth less than a key that can implicate a real person, and perhaps mitigate some damage done by the attack.

> > I do not need an ID to identify martin, so i dont need to rely on his (forged or real) passport or other id from him in order to sign his key. If you did not know him before you should not sign his key (if your judgement was based on the unofficial ID).

Maybe we should just drop holding KSPs, and fall back to the traditional method of "Hey, nice dinner we had yesterday. Say, now that you know me, my family and my history, would you like to sign my key as well?"

> - Signing for people you actually know, not just linking
>
> In my eyes, this is exactly what a keysigning is and should be all about: a statement of familiarity with a person, nothing more and nothing less. And as a project, we should either accept that, or find a better way to identify our developers.

This is also silly --- what is the trust path he has to the cracker's identity? Say, some person walks up to a LUG or linuxtag or debconf and says, "Hi, I am Donal Duck." He proceeds to talk about free software, goes out for drinks, and tells a fine tale. He does so again a year later, again calling himself Donal Duck. Now, with the help of Bubba, he walks in, and our dear friend would happily sign the key of young Donal. Knowing the person does no good for real identity verification if we accept the behaviour of presenting Bubba's identity papers.

> So what to do in this very situation? Should you revoke your signature from my key (or not even sign it
Re: Please revoke your signatures from Martin Kraff's keys
Manoj Srivastava wrote:

> On 27 May 2006, martin f. krafft spake thusly:
>
> > Dear Manoj, dear fellow DDs, I guess I could have known that this experiment of mine would turn into a huge thread, unfortunately extending across two mailing lists. Thus, it is surely in order for me to apologise for being the cause that your inboxes filled up.
>
> Any act of deception, meant to exploit the weaknesses of the system rather than participating in a key signing in good faith is likely to have had this effect, yes.

I'm sorry to join this thread, but I am wondering what Martin's deception was. As I understand it, he used a form of identification which was issued by an organization which is not recognized as the governing body of any place in particular. The identification showed his real name and real likeness [0]. He did not misrepresent any information in either obtaining the document or in presenting it to those who requested he identify himself. So, to the best of my reckoning, this is all really an issue dealing with the fact that there exist organizations which we would not trust to do certain things. I think this is hardly an earth-shattering revelation.

-Roberto

[0] At least as far as those things have been previously known.

-- 
Roberto C. Sanchez http://familiasanchez.net/~roberto
Re: Please revoke your signatures from Martin Kraff's keys
Manoj Srivastava [EMAIL PROTECTED] writes:

> Any act of deception, meant to exploit the weaknesses of the system rather than participating in a key signing in good faith is likely to have had this effect, yes.

That's true. What about Martin's actions, as they have been reported, makes you think there was any deception going on?

> A so-called unofficial document, purchased from some unknown entity, which has not entered into these international agreements, does not carry the same weight.

Oh, this is certainly true. But there isn't anything particularly deceptive about me presenting an ID that is *not* from a government; it simply shouldn't be accepted by itself as evidence of identity, that's all. It's certainly not dishonest.

Now, the first people who signed my Debian key were developers who knew me personally. They didn't look at any ID at all. How's that?! Seems perfectly reasonable to me. The purpose of the ID is to satisfy the signatory about identity; if they are otherwise satisfied, then that's great.

And, incidentally, the Transnational Republic is not an unknown entity in the objective sense, though certainly a given signer might not know it. Signers should certainly not trust IDs from organizations they've never heard of. But that doesn't mean that it's wrong to present an ID from such an organization. It might well be that the Transnational Republic's procedures are sufficiently controlled that their IDs are perfectly trustable, by those who know of its existence and nature. (For example, my university ID card should not be adequate ID to someone who doesn't know of the University of California or its procedures for checking identity. But to someone who does, perhaps to a fellow member of the institution, the ID card might well be a perfectly satisfactory basis for a signature on a key.)

> If I were to crack a key signing party, using Bubba's travel documents, I too would swear up and down the street that he indeed correctly and diligently verified all kinds of _other_ government IDs when practising his art.

How is it cracking to use Bubba's documents? People who do not know and trust Bubba should not accept the ID, period.

> Anyone would have their right to doubt further protestations from a known cheater: how do we know this is not a further elaborate test of the credulity of the community at large?

How does Martin rank as a known cheater? You seem to be *assuming* that he was dishonest, as part of your proof that what he did was dishonest. This looks for all the world as if *YOU* were taken in, and rather than wipe the egg off your face and promise to check IDs more carefully in the future, you're blaming him for your failure to notice that the Transnational Republic is not a real country.

> I have not, and never will sign your key, ever again. I don't trust you to present identity papers that are trustworthy -- unless I can get a law enforcement official I select to test and verify your papers, and possibly not then.

Really? Why? What has Martin done to lose your trust? Please lead me through it carefully, because it seems like you're skipping a step. Start with the evidence you have for your assertions, whatever they are.

> Well, yes, since the KSP was indeed subverted, I am not signing any keys from this event. I am considering not signing keys from the Debian community, since it apparently condones Bubba ID papers.

How was the KSP subverted? Who has said that IDs from the Transnational Republic are condoned?

Thomas
Re: Please revoke your signatures from Martin Kraff's keys
Er, is it just me or isn't the point of gnupg that there *are* people you *can't trust*. We wouldn't be needing digital signatures if everybody honoured the 'gentleman's agreement' that we should only sign as ourselves (or at most as a pseudonym that can't be confused for a real person) in plaintext email. If the KSP is so weak that it depends on gentleman's agreements to work, it's been cracked with unannounced malicious intent already, or soon will be.

The whole point of the web of trust is that you should only say you trust people you actually trust. Personally I think a keysigning where I only know people by ID is at best a marginal trust.

GnuPG is about security, and security implies that there is a need to be secure against someone or something. In the case of GnuPG it's people pretending to be something they are not. If you depend on 'acceptable behaviour' to prevent abuse of this system you've already lost, because the person who is pretending to be who they are not, with malicious intent, is not going to honour that understanding. They also won't tell you about it. So, again, what's the point of security if it depends on 'acceptable behaviour' or 'gentleman's agreements' to succeed?

-- 
And that's my crabbing done for the day. Got it out of the way early, now I have the rest of the afternoon to sniff fragrant tea-roses or strangle cute bunnies or something. -- Michael Devore
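Michael's "marginal trust" remark maps directly onto how GnuPG's classic trust model decides whether a key is valid: a certification from someone you only trust marginally does not make a key valid on its own, and several such certifications can be undone by a single revocation. The Python below is an added example, not code from this thread or from GnuPG itself: it implements the marginals-needed/completes-needed rule with the GnuPG defaults on a constructed keyring with placeholder key ids (0xME, 0xALICE, 0xBOB, 0xCAROL, 0xDAVE, 0xNEWKEY), leaves out max-cert-depth, and shows that a key certified only by three marginally trusted signers drops out of the valid set as soon as one of them withdraws.

```python
"""Classic GnuPG web-of-trust validity, reduced to the rule that matters here.

Constructed example (not code from the thread or from GnuPG): a key is valid
when at least COMPLETES_NEEDED fully trusted valid keys have certified it, or
at least MARGINALS_NEEDED marginally trusted valid keys have. The GnuPG
defaults are used; --max-cert-depth is deliberately not modelled.
"""
from typing import Dict, List, Set, Tuple

COMPLETES_NEEDED = 1   # GnuPG default --completes-needed
MARGINALS_NEEDED = 3   # GnuPG default --marginals-needed


def compute_validity(ownertrust: Dict[str, str], sigs: Dict[str, Set[str]]) -> Set[str]:
    """Return the set of key ids that are fully valid.

    ownertrust: key id -> "ultimate" | "full" | "marginal" | "none"
                (keys missing from the dict count as "none").
    sigs:       key id -> set of key ids whose owners have certified it.
    """
    # Your own (ultimately trusted) keys are valid by definition.
    valid = {k for k, t in ownertrust.items() if t == "ultimate"}
    changed = True
    while changed:                      # relax until no new key becomes valid
        changed = False
        for key, signers in sigs.items():
            if key in valid:
                continue
            # A certification only counts if the signer's key is itself valid.
            usable = [s for s in signers if s in valid]
            completes = sum(ownertrust.get(s) in ("full", "ultimate") for s in usable)
            marginals = sum(ownertrust.get(s) == "marginal" for s in usable)
            if completes >= COMPLETES_NEEDED or marginals >= MARGINALS_NEEDED:
                valid.add(key)
                changed = True
    return valid


def revoke_signature(sigs: Dict[str, Set[str]], signer: str, key: str) -> Dict[str, Set[str]]:
    """Return a copy of sigs with signer's certification on key removed."""
    out = {k: set(v) for k, v in sigs.items()}
    out.get(key, set()).discard(signer)
    return out


def example_keyring() -> Tuple[Dict[str, str], Dict[str, Set[str]]]:
    """Constructed keyring: placeholder key ids, not real fingerprints.

    0xME has met and certified 0xALICE, 0xBOB, 0xCAROL and 0xDAVE.
    0xALICE is trusted fully as an introducer, the other three only marginally.
    0xNEWKEY was certified by BOB, CAROL and DAVE at a key signing party.
    """
    ownertrust = {"0xME": "ultimate", "0xALICE": "full",
                  "0xBOB": "marginal", "0xCAROL": "marginal", "0xDAVE": "marginal"}
    sigs = {"0xALICE": {"0xME"}, "0xBOB": {"0xME"}, "0xCAROL": {"0xME"}, "0xDAVE": {"0xME"},
            "0xNEWKEY": {"0xBOB", "0xCAROL", "0xDAVE"}}
    return ownertrust, sigs


def newkey_valid_after(revoking_signers: List[str]) -> bool:
    """Is 0xNEWKEY still valid once the listed signers withdraw their certification?"""
    ownertrust, sigs = example_keyring()
    for s in revoking_signers:
        sigs = revoke_signature(sigs, s, "0xNEWKEY")
    return "0xNEWKEY" in compute_validity(ownertrust, sigs)


if __name__ == "__main__":
    print("three marginal certifications:", newkey_valid_after([]))          # True
    print("one of them revoked:          ", newkey_valid_after(["0xDAVE"]))  # False
```

The point for anyone who signed at the party: a certification you later regret is not a private matter between you and the key holder, because every keyring that trusts you marginally may have been relying on it to reach the third marginal, and revoking it silently demotes that key everywhere.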
Re: Please revoke your signatures from Martin Kraff's keys
On Sun, May 28, 2006 at 11:57:43PM -0400, Roberto C. Sanchez wrote:

> The identification showed his real name and real likeness [0]. He did not misrepresent any information in either obtaining the document or in presenting it to those who requested he identify himself.

The real issue is that, for those people who did not notice the problematic ID and check his passport as well, the truth value of the above statements is completely unknown. This makes it unreasonable to sign his key based on such an ID; it also makes it unreasonable, IMHO, to insist that Martin-or-someone-saying-his-name-is-Martin has deceived us, because for the people who only looked at his Transnational Republic ID, there is not enough information available to say either way.

-- 
Steve Langasek, Debian Developer, [EMAIL PROTECTED], http://www.debian.org/
Give me a lever long enough and a Free OS to set it on, and I can move the world.
Re: Please revoke your signatures from Martin Kraff's keys
Steve Langasek [EMAIL PROTECTED] writes:

> On Sun, May 28, 2006 at 11:57:43PM -0400, Roberto C. Sanchez wrote:
>
> > The identification showed his real name and real likeness [0]. He did not misrepresent any information in either obtaining the document or in presenting it to those who requested he identify himself.
>
> The real issue is that, for those people who did not notice the problematic ID and check his passport as well, the truth value of the above statements is completely unknown. This makes it unreasonable to sign his key based on such an ID; it also makes it unreasonable, IMHO, to insist that Martin-or-someone-saying-his-name-is-Martin has deceived us, because for the people who only looked at his Transnational Republic ID, there is not enough information available to say either way.

Quite right. It seems certainly appropriate to me to suggest to people who signed the ID on the basis of the Transnational Republic ID that they should revoke the signature, and that people who aren't sure should do the same. But the claim that Martin lied or committed a fraud, this claim is not suggested at all.
Re: Please revoke your signatures from Martin Kraff's keys
On Fri, May 26, 2006 at 04:18:15PM -0700, Paul Johnson wrote:

> On Friday 26 May 2006 00:50, Josselin Mouette wrote:
>
> > On Thursday 25 May 2006 at 02:36 -0500, Manoj Srivastava wrote:
> >
> > > It has come to my attention that Martin Kraff used an unofficial, and easily forge-able, identity device at a large key signing party recently.
> >
> > FWIW, I'm pretty sure Martin presented me an official German ID card. But should I revoke signatures from developers who showed me a US driver license, a piece of plastic I could fake with my inkjet printer?
>
> I'd be inclined to say yes if they look like the new Oregon or California ones due to the lack of security features. OTOH, I live in a region with some of the highest meth consumption in the world, and I have had my identity stolen once. Damn you, social security administration...

But what does it matter? Can you spot a fake Victorian drivers' licence? Fake German ID card? Do you know the distinguishing marks that differentiate a real Australian passport from fakes?

Daniel, sensing misdirected enthusiasm
Re: Please revoke your signatures from Martin Kraff's keys
On Saturday 27 May 2006 00:38, Daniel Stone wrote:

> But what does it matter? Can you spot a fake Victorian drivers' licence? Fake German ID card? Do you know the distinguishing marks that differentiate a real Australian passport from fakes?

No, but I also won't sign keys of someone with an ID I don't recognize for the same reason I wouldn't sell alcohol to people with IDs I don't recognize when I worked for the Zoo: It's my reputation (and in the case of alcohol, my legal liability) on the line.

-- 
Paul Johnson
Email and IM (XMPP Google Talk): [EMAIL PROTECTED]
Jabber: Because it's time to move forward http://ursine.ca/Ursine:Jabber
Re: [Debconf-discuss] Re: Please revoke your signatures from Martin Kraff's keys
On Fri, 26 May 2006 16:24:27 -0700 Paul Johnson [EMAIL PROTECTED] wrote:

> On Friday 26 May 2006 15:20, Ron Johnson wrote:
>
> > Javier Fernández-Sanguino Peña wrote:
> >
> > > On Thu, May 25, 2006 at 05:45:42PM -0700, Paul Johnson wrote:
> > >
> > > > On Thursday 25 May 2006 15:26, Mike Hommey wrote:
> > >
> > > [snip]
> > >
> > > [0] As long as he doesn't go and vote too, since the people in the voting table would notice that he has voted twice and probably would have to reject the whole voting box of that table (as they would be unable to find and remove the previous voters' vote).
> >
> > Well that's an interesting way to cook an election...
>
> Method not viable in all jurisdictions. If you've ever wondered why Oregon takes almost as long as Florida to certify national election results, it's not because we can't count or we've had a blatant attempt at voter's fraud, it's because elections is busy checking signatures on ballot envelopes. Oregon abolished the voting booth in 2000: Election Day is actually the last election day of six consecutive weeks we can vote (beat that and your wussy six hours, America!), and we vote at home. You have your option of mailing or handing in your ballot to county elections. Oregon residents that will be outside the state of Oregon on the last day of the election are the only people eligible to register absentee because of this (this is a good thing, since it improves voter turnout and more votes count initially, whereas absentee ballots in all 50 states never get opened unless there's a tie).

Oh, so they get better counts and less fraud by doing away with ballot secrecy. How wonderful.

Jacob
Re: [Debconf-discuss] Re: Please revoke your signatures from Martin Kraff's keys
Javier Fernández-Sanguino Peña wrote:

> On Thu, May 25, 2006 at 05:30:23PM +0200, Luca Capello wrote:
>
> FYI, Martin's explanation is at [1], which passed on Planet Debian. Thx, bye, Gismo / Luca
>
> [1] http://blog.madduck.net/geek/2006.05.24-tr-id-at-keysigning
>
> FWIW, I noted down those keys I would *not* sign and didn't tell the people at the KSP that I would not sign them. I guess his experiment (only one in ten said that they would *not* sign it) is moot unless he backs it up with the signatures he eventually got sent from those he showed a wrong ID to.
>
> Yes, that is true. I did the same for some people showing really weird ID like their university cafeteria card. That being said I (personally) already decided not to sign people that showed me something that was *not* a passport and noted that in my KSP paper page through it. Unfortunately, I'm not confident in my ability to distinguish forgeries so that means that people:
>
> - showing their country's ID card

That's idiocy. The German identity card is an officially issued authentication device and substitutes a passport. (Which is true for the whole European Union, so you should know). In fact the identity card (despite the name written on it and the pages holding visa stamps) is almost identical to the passport. (With the exception of very new passports containing additional biometric features.)

> and not showing any passports or showing passports:
>
> - which did not have the *same* spelling as the name in the key (letter by letter)

The German passport/ID card has official ASCII transliterations of umlaut names, so if you have discarded signatures on that assumption you didn't read exactly enough.

Cheers,
Moritz
Re: Please revoke your signatures from Martin Kraff's keys
On 26 May 2006, Christian Pernegger told this:

> > Stop signing keys for Debian developers, since purchased IDs are acceptable in this community? ;)
>
> There's a difference between 'purchase' and 'pay for' in this context. I have always had to pay for any kind of ID card, be it passport, citizen's ID or student ID. You make it sound like he bought a *forged* ID, which I'm not sure he did. The question should be who issued the ID, what checks were performed, and do you trust the issuing entity and/or their checks. In this case the issuer was not affiliated with any government body, but they did check his passport before issuing the card. Should you therefore not trust it? I'm not so sure.

Only if we take the word of someone who was trying to subvert the keysigning to belabour the obvious that it is easy to get people to sign using purchased IDs. How do you know the claim about the check was not another test to see if he can get away with this? And there are all kinds of people who just hand over an ID, no questions asked, for the appropriate amount of money.

And, to the people who have trouble distinguishing between paying for a passport and purchasing an ID, while I have had to pay for all my official identity documents, merely paying would not have got me one -- there were background checks, (Indian police in all the places I had lived in, the FBI and the CIA, etc) -- and no documents would have been issued if any of the checks failed. One can purchase an ID merely by having the right contacts and sufficient money -- which is a different kettle of fish altogether.

manoj
-- 
Madness has no purpose. Or reason. But it may have a goal. Spock, The Alternative Factor, stardate 3088.7
Manoj Srivastava [EMAIL PROTECTED] http://www.debian.org/%7Esrivasta/
1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C
Re: [Debconf-discuss] Re: Please revoke your signatures from Martin Kraff's keys
On Fri, May 26, 2006 at 03:09:04PM +0200, Filippo Giunchedi wrote:

> On Thu, May 25, 2006 at 08:00:23PM +0200, Javier Fernández-Sanguino Peña wrote:
>
> > FWIW, I noted down those keys I would *not* sign and didn't tell the people at the KSP that I would not sign them. I guess his experiment (only one in ten said that they would *not* sign it) is moot unless he backs it up with the signatures he eventually got sent from those he showed a wrong ID to.
>
> Don't you think this is at least not fair to people attending the KSP? Not even explaining to them why they won't receive your signature (which is the whole point of the KSP). Something like "I'm sorry but this is unacceptable to me (because of this and that)" would be okay to educate people showing correct IDs.

That's a good point and I will try to send those people an e-mail explaining why I didn't sign them. I, at least, don't only make the decision on signing or not in the KSP but also based on the experience throughout the Debconf (I might have different protocols for those that I have actually *met* in order to sign their keys). That's why I would not tell those at the KSP, but I might do it afterwards.

Regards

Javier
Re: [Debconf-discuss] Re: Please revoke your signatures from Martin Kraff's keys
On Fri, May 26, 2006 at 05:20:59PM -0500, Ron Johnson wrote:

> Javier Fernández-Sanguino Peña wrote:
>
> > On Thu, May 25, 2006 at 05:45:42PM -0700, Paul Johnson wrote:
> >
> > > On Thursday 25 May 2006 15:26, Mike Hommey wrote:
> >
> > [snip]
> >
> > [0] As long as he doesn't go and vote too, since the people in the voting table would notice that he has voted twice and probably would have to reject the whole voting box of that table (as they would be unable to find and remove the previous voters' vote).
>
> Well that's an interesting way to cook an election...

Yes, I guess that political parties (at least in Spain) are quite aware what the turnout of booths are, since voting for a given party is really cross-related to where you actually live [1]. It would be quite easy for a rogue party to force rejections of the booths that *competing* parties would win more with. But this is actually quite OT, isn't it?

Regards

Javier

[1] And your assigned booth for voting is based on which street you live in. You cannot select to vote in any booth. That's so that the people managing voters can have a limited census lists (voters in that booth) and it is easier to prevent duplicate voting, I guess.
Re: [Debconf-discuss] Re: Please revoke your signatures from Martin Kraff's keys
On Sat, May 27, 2006 at 04:04:33PM +0200, Moritz Muehlenhoff wrote:

> > That being said I (personally) already decided not to sign people that showed me something that was *not* a passport and noted that in my KSP paper page through it. Unfortunately, I'm not confident in my ability to distinguish forgeries so that means that people:
> >
> > - showing their country's ID card
>
> That's idiocy. The German identity card is an officially issued authentication device and substitutes a passport. (Which is true for the whole European Union, so you should know). In fact the identity card (despite the name written on it and the pages holding visa stamps) is almost identical to the passport. (With the exception of very new passports containing additional biometric features.)

That is not idiocy. The Spanish identity card is also officially issued [0]. Heck, the new ones now even come with a crypto-chip. That doesn't mean I can expect other people to tell apart a proper Spanish identity card from a fake one [1], and that's why I take my passport to KSPs and don't use my Spanish ID. I guess I think (but might be wrong) that people might be able to trust a passport which is (somewhat) similar to *their* passport (although this is not true for all countries) more than to trust an identity card of a country they are unfamiliar with [2]. If the assistants to the KSP were only Spanish (or German) citizens I guess that the identity card would be OK for that KSP, as most people should know what it is expected to *look* like. For international KSPs, however, I'd rather present (and be shown) a passport.

Regards

Javier

[0] You have to pay for it, BTW, just like for the passport, but I guess that does not fit Manoj's definition :-)

[1] Especially since ID cards in my country have mutated throughout time and older ID cards are easier to forge than newer cards, but there might be very old ID cards that do not have an expiration date on them and are (to all effects) still valid in Spain.

[2] Heck, even the notion of a national ID card is foreign to some countries which do not have any of that kind. How can I expect a UK or US citizen to verify and approve of the ID card of a foreign country? (if they are not familiar with those ID cards, that is)
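The ID-check rules Javier and Moritz argue over above (passports only versus national ID cards, letter-by-letter name matching versus the official umlaut transliterations, and only vetting documents from issuers the signer actually recognises) can be written down as a small policy and applied uniformly to a party list, which is also the only way to give the people you did not sign the explanation Filippo asked for. The following Python is an added example, not code from this thread or from any Debian tool; the policy names, issuer codes, key ids and personal names in it are made up, and the transliteration table covers only the four German letters the discussion is about.

```python
"""Per-signer ID-check policy for a key signing party.

Constructed example (not code from the thread or from any Debian tool): it
encodes the points argued in the thread as data, so one signer can apply one
policy consistently to every key on the party list. Policy names, issuer
codes, key ids and the sample names are all made up for the example.
"""
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Tuple

# ASCII forms the German passport/ID card uses for umlauts and sharp s in its
# machine-readable zone (ICAO Doc 9303); the table is limited to those letters.
TRANSLIT = {"ä": "ae", "ö": "oe", "ü": "ue", "ß": "ss"}


def transliterate(name: str) -> str:
    """Lower-case a name and replace ä/ö/ü/ß by their official ASCII spellings."""
    return "".join(TRANSLIT.get(ch, ch) for ch in name.lower())


@dataclass(frozen=True)
class IdDocument:
    kind: str    # "passport", "national_id", or anything else ("student_card", ...)
    issuer: str  # issuing authority as the signer understands it, e.g. "DE", "ES"
    name: str    # the name exactly as printed on the document


@dataclass(frozen=True)
class SignerPolicy:
    known_issuers: FrozenSet[str]       # governments whose documents this signer can vet
    accept_national_id: bool            # False: passports only; True: national ID cards too
    accept_transliteration: bool        # True: "Mueller" on the card may match "Müller" in the UID
    accept_personal_knowledge: bool = False  # True: no document needed from people the signer knows


def name_matches(uid_name: str, document_name: str, allow_translit: bool) -> bool:
    """Letter-by-letter comparison, optionally modulo the official transliteration."""
    if uid_name == document_name:
        return True
    return allow_translit and transliterate(uid_name) == transliterate(document_name)


def decide(policy: SignerPolicy, uid_name: str, doc: Optional[IdDocument],
           personally_known: bool = False) -> Tuple[bool, str]:
    """Return (sign, reason) for one key under one signer's policy."""
    if personally_known and policy.accept_personal_knowledge:
        return True, "signer knows the key holder personally; no document needed"
    if doc is None:
        return False, "no document shown"
    if doc.issuer not in policy.known_issuers:
        # An ID from an issuer you cannot vet proves nothing to you, whatever
        # that issuer's own procedures may be.
        return False, f"issuer {doc.issuer!r} is not one this signer can vet"
    if doc.kind != "passport" and not (doc.kind == "national_id" and policy.accept_national_id):
        return False, f"document kind {doc.kind!r} not accepted by this signer"
    if not name_matches(uid_name, doc.name, policy.accept_transliteration):
        return False, f"name {doc.name!r} on document does not match key UID name {uid_name!r}"
    return True, f"{doc.kind} from {doc.issuer} matches key UID"


def keys_to_sign(policy: SignerPolicy,
                 party_list: List[Tuple[str, str, Optional[IdDocument]]]) -> List[str]:
    """Apply one policy to a whole party list of (key id, UID name, document shown)."""
    return [key_id for key_id, uid_name, doc in party_list if decide(policy, uid_name, doc)[0]]


# Two policies from the discussion: passports only with letter-by-letter names,
# versus national ID cards accepted and umlaut transliterations tolerated.
KNOWN_GOVERNMENTS = frozenset({"DE", "ES", "FR", "GB"})
STRICT = SignerPolicy(KNOWN_GOVERNMENTS, accept_national_id=False, accept_transliteration=False)
LENIENT = SignerPolicy(KNOWN_GOVERNMENTS, accept_national_id=True, accept_transliteration=True)

# Constructed party list: placeholder key ids, invented names.
PARTY_LIST = [
    ("0xAAAA0001", "Jörg Müller", IdDocument("passport", "DE", "Jörg Müller")),
    ("0xAAAA0002", "Joerg Mueller", IdDocument("passport", "DE", "Jörg Müller")),
    ("0xAAAA0003", "Ana García", IdDocument("national_id", "ES", "Ana García")),
    ("0xAAAA0004", "Example Person", IdDocument("passport", "Transnational Republic", "Example Person")),
    ("0xAAAA0005", "Sam Student", IdDocument("student_card", "DE", "Sam Student")),
]

if __name__ == "__main__":
    for policy_name, policy in (("strict", STRICT), ("lenient", LENIENT)):
        print(policy_name, keys_to_sign(policy, PARTY_LIST))
```

Run it and the strict policy signs only the key whose passport name matches the UID exactly, while the lenient one also signs the transliterated name and the Spanish ID card; neither signs the key backed by an issuer the signer cannot vet, and the reason string from `decide` is exactly the sentence you would put in the e-mail to the person you did not sign.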
Re: Please revoke your signatures from Martin Kraff's keys
Steve Langasek [EMAIL PROTECTED] writes:

> > What do you think we get by having the signed ID? What advantages accrue to Debian by having this check that someone's real name is what we think it is? I think it's a good thing, I agree with our practice, but I'm not sure what vast security hole is suddenly opened up here. If we found out that the person who has been a faithful and valuable developer, under the name Martin Krafft is not the real Martin Krafft, what should we do? Go find the real Martin Krafft and make him a developer?
>
> I thought the obvious answer here would be to kick this person out of the project for breaching the project's trust. Can you think of a reason why it would be ok for someone to lie to us about their real name?

Oh, that's fine, but then I don't see exactly what Manoj is bothered by. It seems like he ought to be on Martin's side here, they are both worried about the same thing: that people are a little too lax in checking IDs, particularly at giant KSPs.

Thomas
Re: Please revoke your signatures from Martin Kraff's keys
Paul Johnson [EMAIL PROTECTED] writes:

> I would be more inclined to do that to the people who signed his key based on the Transnational Republic ID.

So, who are those people? Is Manoj one of them?
Re: [Debconf-discuss] Re: Please revoke your signatures from Martin Kraff's keys
On Fri, May 26, 2006 at 04:54:19PM +0200, Javier Fernández-Sanguino Peña wrote:

> On Thu, May 25, 2006 at 05:45:42PM -0700, Paul Johnson wrote:
>
> > On Thursday 25 May 2006 15:26, Mike Hommey wrote:
> >
> > > I'm pretty sure we can find official IDs that look so lame that you'd think it's a fake
>
> Also worth noting that Spanish driving license IDs are in that group. I have always wondered why they are useful in Spain for ID purposes (even for voting in general elections) since it's a boy's game to unstaple somebody's picture from his driving license and go vote with his ID and your picture in it [0]. Go figure.
>
> [0] As long as he doesn't go and vote too, since the people in the voting table would notice that he has voted twice and probably would have to reject the whole voting box of that table (as they would be unable to find and remove the previous voters' vote).

Nah, they would just keep the real guy from voting.

-- 
Lionel
Re: Please revoke your signatures from Martin Kraff's keys
Manoj Srivastava said [Sat, May 27, 2006 at 09:38:00AM -0500]:

> Only if we take the word of someone who was trying to subvert the keysigning to belabour the obvious that it is easy to get people to sign using purchased IDs. How do you know the claim about the check was not another test to see if he can get away with this? And there are all kinds of people who just hand over an ID, no questions asked, for the appropriate amount of money.

Now, Martin has not come out in his own defense because he is travelling in South-Eastern Mexico, and will continue for at least some more days - If he _believes_ in the Transnational Republic as a legitimate political (although unrecognized internationally) body, and he shows his ID card to get the point through, as some sort of propaganda? If he believes the ID to be valid, would that make much of a difference to you? Remember that the ID is just a way to link his face to his name, not to put him under the umbrella of a political regime.

> And, to the people who have trouble distinguishing between paying for a passport and purchasing an ID, while I have had to pay for all my official identity documents, merely paying would not have got me one -- there were background checks, (Indian police in all the places I had lived in, the FBI and the CIA, etc) -- and no documents would have been issued if any of the checks failed. One can purchase an ID merely by having the right contacts and sufficient money -- which is a different kettle of fish altogether.

Again, your experience is quite different from many other people's. Some have already said it's easier for them to get official IDs. For me, yes, some questions asked, some delays involved, but no detailed background checks. I'm sure neither the FBI nor the CIA (or, as for Mexican authorities, CISEN or PGR) were involved.

-- 
Gunnar Wolf - [EMAIL PROTECTED] - (+52-55)5623-0154 / 1451-2244
PGP key 1024D/8BB527AF 2001-10-23
Fingerprint: 0C79 D2D1 2C4E 9CE4 5973 F800 D80E F35A 8BB5 27AF
Re: Please revoke your signatures from Martin Kraff's keys
On 27 May 2006, Gunnar Wolf verbalised:

> Manoj Srivastava said [Sat, May 27, 2006 at 09:38:00AM -0500]:
>
> > Only if we take the word of someone who was trying to subvert the keysigning to belabour the obvious that it is easy to get people to sign using purchased IDs. How do you know the claim about the check was not another test to see if he can get away with this? And there are all kinds of people who just hand over an ID, no questions asked, for the appropriate amount of money.
>
> Now, Martin has not come out in his own defense because he is travelling in South-Eastern Mexico, and will continue for at least some more days - If he _believes_ in the Transnational Republic as a legitimate political (although unrecognized internationally) body, and he shows his ID card to get the point through, as some sort of propaganda? If he believes the ID to be valid, would that make much of a difference to you?

I see you have not actually read his blog. Go back and get the context that this thread started from, before making wildly improbable hypotheses about potential motivations about other people.

> Remember that the ID is just a way to link his face to his name, not to put him under the umbrella of a political regime.
>
> > And, to the people who have trouble distinguishing between paying for a passport and purchasing an ID, while I have had to pay for all my official identity documents, merely paying would not have got me one -- there were background checks, (Indian police in all the places I had lived in, the FBI and the CIA, etc) -- and no documents would have been issued if any of the checks failed. One can purchase an ID merely by having the right contacts and sufficient money -- which is a different kettle of fish altogether.
>
> Again, your experience is quite different from many other people's.

What experience?

> Some have already said it's easier for them to get official IDs.

Cute, but again, wildly irrelevant, and missing the point entirely. No one is claiming anything about relative ease of getting official or purchased identification documents. I am sure the degrees of difficulty vary with governments, and the quality of the purchased documentation, and various and sundry other factors not quite relevant to this discussion.

> For me, yes, some questions asked, some delays involved, but no detailed background checks. I'm sure neither the FBI nor the CIA (or, as for Mexican authorities, CISEN or PGR) were involved.

Then some government organizations do not take as stringent a set of precautions as others do. That, by itself, is an unsurprising statement.

manoj
-- 
Its name is Public Opinion. It is held in reverence. It settles everything. Some think it is the voice of God. -- Mark Twain
Manoj Srivastava [EMAIL PROTECTED] http://www.debian.org/%7Esrivasta/
1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C
Re: Please revoke your signatures from Martin Kraff's keys
Paul Johnson [EMAIL PROTECTED] writes:

> On Friday 26 May 2006 18:34, Russ Allbery wrote:
> > You can get a passport.
>
> Yeah, if I really want to give a country I don't really have much of any allegiance to, and consider foreign, my money and wait around for a few months. I'm Oregonian, not American.

I know, I'm with you on that and didn't have one for years. I'm an Oregonian living in California. But they *are* useful for things like this.

-- 
Russ Allbery ([EMAIL PROTECTED]) http://www.eyrie.org/~eagle/
Re: [Debconf-discuss] Re: Please revoke your signatures from Martin Kraff's keys
On Saturday 27 May 2006 06:17, Jacob S wrote:
> > Oregon abolished the voting booth in 2000: Election Day is actually the last election day of six consecutive weeks we can vote (beat that and your wussy six hours, America!), and we vote at home. You have your option of mailing or handing in your ballot to county elections. Oregon residents that will be outside the state of Oregon on the last day of the election are the only people eligible to register absentee because of this (this is a good thing, since it improves voter turnout and more votes count initially, whereas absentee ballots in all 50 states never get opened unless there's a tie).
>
> Oh, so they get better counts and less fraud by doing away with ballot secrecy. How wonderful.

No, that's not how it works, your ballot is still secret. Think about it for a minute. You sign the mailing envelope, your ballot goes in a secrecy envelope. Elections compares signatures, opens the mailing envelope and saves it for the voter rolls, sends the secrecy envelope down the line off to the counting machines to be opened separately in some other room.

And if you still don't like it, you don't have to live here, everybody else already beat you to the punch. Oregon's full.

-- 
Paul Johnson
Email and IM (XMPP Google Talk): [EMAIL PROTECTED]
Jabber: Because it's time to move forward http://ursine.ca/Ursine:Jabber
Re: [Debconf-discuss] Re: Please revoke your signatures from Martin Kraff's keys
On Sat, May 27, 2006 at 01:54:03PM -0700, Paul Johnson wrote:
> > > Oregon abolished the voting booth in 2000
> >
> > Oh, so they get better counts and less fraud by doing away with ballot secrecy. How wonderful.
>
> No, that's not how it works, your ballot is still secret. Think about it for a minute. You sign the mailing envelope, your ballot goes in a secrecy envelope. Elections compares signatures, opens the mailing envelope and saves it for the voter rolls, sends the secrecy envelope down the line off to the counting machines to be opened separately in some other room.

That is secrecy only to the government; not in general. For instance, someone can easily pressure you into voting for party or candidate X, _since they can verify it_ (just watch as you put the ballot in the envelope, and make sure you post it). With a voting booth, nobody can effectively pressure you, as your vote is secret from everybody.

Anyhow, this is rapidly very very offtopic.

/* Steinar */
-- 
Homepage: http://www.sesse.net/
Re: Please revoke your signatures from Martin Kraff's keys
On Saturday 27 May 2006 13:41, Russ Allbery wrote:
> Paul Johnson [EMAIL PROTECTED] writes:
> > On Friday 26 May 2006 18:34, Russ Allbery wrote:
> > > You can get a passport.
> >
> > Yeah, if I really want to give a country I don't really have much of any allegiance to, and consider foreign, my money and wait around for a few months. I'm Oregonian, not American.
>
> I know, I'm with you on that and didn't have one for years. I'm an Oregonian living in California. But they *are* useful for things like this.

My condolences on getting suckered into California. Hopefully you can make it back out soon.

-- 
Paul Johnson
Email and IM (XMPP Google Talk): [EMAIL PROTECTED]
Jabber: Because it's time to move forward http://ursine.ca/Ursine:Jabber
Re: Please revoke your signatures from Martin Kraff's keys
On Saturday 27 May 2006 10:19, Thomas Bushnell BSG wrote:
> Paul Johnson [EMAIL PROTECTED] writes:
> > I would be more inclined to do that to the people who signed his key based on the Transnational Republic ID.
>
> So, who are those people? Is Manoj one of them?

Martin has yet to name names.

-- 
Paul Johnson
Email and IM (XMPP Google Talk): [EMAIL PROTECTED]
Jabber: Because it's time to move forward http://ursine.ca/Ursine:Jabber
Re: Please revoke your signatures from Martin Kraff's keys
Dear Manoj, dear fellow DDs,

I guess I could have known that this experiment of mine would turn into a huge thread, unfortunately extending across two mailing lists. Thus, it is surely in order for me to apologise for being the cause that your inboxes filled up.

I have said most of what I wanted to say in my blog entry [0], even though I could have articulated and backed up my arguments a bit better. I will try to do better this time, but it will be my only message to this thread, unless the subject of followups is changed and indicates an actually relevant topic (at which point in time it's a new thread...). Please note, however, that I am leaving Mexico tomorrow and will be away from my mail more or less until Monday.

0. http://blog.madduck.net/geek/2006.05.24-tr-id-at-keysigning

First of all, my name is Martin Felix Krafft (with a final 't'), and my GPG key ID is 0x330c4a75. The unofficial ID I presented listed that name (without the middle name); a photo is available from [1] (sorry, can't do better now). Thus, the ID card is an unofficial card, but the identity it claims is my real identity, not a fake one. To me, this is an important distinction in the context of this discussion.

1. http://madduck.net/~madduck/scratch/tr-id.jpg

Key numbers 1-102, as well as 123-140, got to see my unofficial ID (if they were present). Those who didn't accept the ID surely remember being shown an official one I had in my pocket.

I have indicated in my blog posting that GPG allows you to revoke signatures from keys, and I included that information exactly because I wanted to make it easier for people to undo the signing if they felt cheated. In any case, it should be the decision of each and every individual whether to revoke his/her signatures on my key. A public call as in this case is especially inappropriate IMHO, because no one can actually define the proper baseline for identity verification at keysigning parties.

For your information, to date, not a single signature has been revoked.

Before I respond to a few of the issues and questions raised in the thread, let me present my view of the problem. I would like to thank my travelling companions for helping me straighten it out.

The Debian project heavily relies on keysigning for much of its work. However, I think the question of what the signing of a key actually accomplishes has not been properly addressed. In my opinion, from the point of view of the Debian project, a person's actual identity (as in the name on your birth certificate) matters very little; the Debian project does not actively interfere with a person's real life in such a way as to require the birth certificate identity (legal cases, liability issues, etc.). Moreover, it's rather trivial in several countries of this world to change your official name. In this context, even the claim that in the case of a trust abuse, your reputation throughout the FLOSS community (and the rest of the Internet) should be properly tarnished, does not stand, IMHO.

From within the project, what matters is that everything you do within the project can be attributed to one and the same person: the same person that went through our NM process. The GPG key is one technical measure to allow for this form of identification. Its purpose is not, as Micah Anderson states, a means to confirm the validity of a government-issued ID.

This brings me to a point which Andreas Schuldei nicely stated at the beginning of the thread (as did others throughout):

> I do not need an ID to identify martin, so I don't need to rely on his (forged or real) passport or other id from him in order to sign his key. If you did not know him before you should not sign his key (if your judgement was based on the unofficial ID).

When Andreas signs my ID, he voices his trust in that I am who I claim to be, and he does so not because I presented him with an ID with the claimed name, but because we've interacted many times before. In that line, Gunnar's point stands:

> Maybe we should just drop holding KSPs, and fall back to the traditional method of "Hey, nice dinner we had yesterday. Say, now that you know me, my family and my history, would you like to sign my key as well?" - Signing for people you actually know, not just linking

In my eyes, this is exactly what a keysigning is and should be all about: a statement of familiarity with a person, nothing more and nothing less. And as a project, we should either accept that, or find a better way to identify our developers.

So what to do in this very situation? Should you revoke your signature from my key (or not even sign it in the first place)? Should you revoke or refuse signatures to all participants, because some claim the keysigning party to have been subverted? I think the answer to both cases should be: no, unless you have not previously known the person whose key you wish to sign. That's exactly what makes this decision very subjective, and a public call such as the original post
Re: Please revoke your signatures from Martin Kraff's keys
On Sat, May 27, 2006 at 10:19:57AM -0700, Thomas Bushnell BSG wrote:
> Paul Johnson [EMAIL PROTECTED] writes:
> > I would be more inclined to do that to the people who signed his key based on the Transnational Republic ID.
>
> So, who are those people? Is Manoj one of them?

It seems that I am one of them. After the fact, I do have a vague recollection of being presented an ID of unusual issuance, which may or may not have been Martin's; and I am told I did not ask for a second ID as I should have. Clearly, there is serious doubt that my ID checking standards that day were what they should have been, whether due to fatigue, or a feeling of being rushed due to the format, or other factors.

I am grateful to Martin for bringing this to my attention, though I suppose others won't feel the same way given that it's my intention now to revoke all signatures I issued based on that KSP barring exceptional cases in which I can explicitly recall enough details of the signee's ID to confirm that I have checked it correctly.

I am not asserting that I should be able to detect any and all forgeries of official IDs; that's definitely beyond my mortal means. But I should not be accepting forms of ID that I can't actually *recognize*, and for forms that I *do* recognize, there are almost universally legal penalties for forging such documents. There is no law against private-issue IDs with a person's name and picture on them, which means that if I allow myself to sign a key based on such ID, the cost to a potential attacker to get into the web of trust -- even the Debian web of trust, not the global web of trust in general -- is way too low, way lower than the cost that any of us should be able to enforce if we prioritize security over keyrankings the way we ought to.

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
[EMAIL PROTECTED]                                   http://www.debian.org/
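Martin notes above that GPG lets a signer revoke a signature, and Steve intends to revoke everything he certified at that KSP; the first step in either case is finding the certifications in question. The script below is an added example, not code from this thread or from GnuPG: it parses the colon-delimited output of `gpg --with-colons --list-sigs` (record layout as documented in GnuPG's doc/DETAILS) and lists the certifications one signer key made on other people's keys inside a date window. The listing, key IDs, user IDs, timestamps and the audit window are all constructed for the example.

```python
"""List the certifications a signer issued inside a given time window.

Input is the output of `gpg --with-colons --list-sigs`. Per GnuPG's
doc/DETAILS, field 1 is the record type (pub/uid/sig/...), field 5 the
key ID (for sig records: the issuer), field 6 the creation time, field
10 the user ID and field 11 the signature class ("10x".."13x").
"""
import datetime
from typing import List, Optional

# Constructed sample listing (not real keys): two public keys, each with
# its own self-signature and one certification from signer key ...FFF.
SAMPLE_LISTING = """\
pub:f:1024:17:0000000000000AAA:1100000000:::f:::scESC:
uid:f::::1100000000::0123456789ABCDEF0123456789ABCDEF01234567::Alice Example <alice@example.org>:
sig:::17:0000000000000AAA:1100000000::::Alice Example <alice@example.org>:13x:
sig:::17:0000000000000FFF:1148490000::::Signer Example <signer@example.org>:10x:
pub:f:1024:17:0000000000000BBB:1100000000:::f:::scESC:
uid:f::::1100000000::FEDCBA9876543210FEDCBA9876543210FEDCBA98::Bob Example <bob@example.org>:
sig:::17:0000000000000BBB:1100000000::::Bob Example <bob@example.org>:13x:
sig:::17:0000000000000FFF:1120000000::::Signer Example <signer@example.org>:13x:
"""

SIGNER_KEYID = "0000000000000FFF"  # constructed: the key whose certifications we audit

# Constructed audit window. The thread does not state the KSP's exact date;
# a real audit would put the party's actual date here.
UTC = datetime.timezone.utc
WINDOW_START = datetime.datetime(2006, 5, 24, tzinfo=UTC)
WINDOW_END = datetime.datetime(2006, 5, 26, tzinfo=UTC)


def _parse_gpg_time(value: str) -> Optional[datetime.datetime]:
    """gpg emits seconds since the epoch, or ISO 8601 (e.g. 20060524T170000)."""
    if not value:
        return None
    if "T" in value:
        return datetime.datetime.strptime(value, "%Y%m%dT%H%M%S").replace(tzinfo=UTC)
    return datetime.datetime.fromtimestamp(int(value), tz=UTC)


def find_certifications(listing: str, signer_keyid: str,
                        start: datetime.datetime,
                        end: datetime.datetime) -> List[dict]:
    """Return the certifications `signer_keyid` made on other keys in [start, end]."""
    found = []
    signee_keyid = None   # key whose records we are currently inside
    current_uid = None    # user ID that the following sig records certify
    for line in listing.splitlines():
        fields = line.split(":")
        rtype = fields[0]
        if rtype == "pub":
            signee_keyid = fields[4].upper()
            current_uid = None
        elif rtype == "uid":
            current_uid = fields[9]
        elif rtype == "sig":
            issuer = fields[4].upper()
            # Skip other signers, and skip self-signatures (the key's own UID binding).
            if issuer != signer_keyid.upper() or issuer == signee_keyid:
                continue
            created = _parse_gpg_time(fields[5])
            if created is None or not (start <= created <= end):
                continue
            found.append({
                "signee_keyid": signee_keyid,
                "signee_uid": current_uid,
                "created": created.isoformat(),
                "sig_class": fields[10],  # certification level; trailing x = exportable
            })
    return found


def audit_sample() -> List[dict]:
    """Run the audit on the constructed listing; only Alice's cert is in the window."""
    return find_certifications(SAMPLE_LISTING, SIGNER_KEYID, WINDOW_START, WINDOW_END)


if __name__ == "__main__":
    for cert in audit_sample():
        # Withdrawing one is then done interactively with GnuPG's documented
        # `gpg --edit-key <signee_keyid>` followed by the `revsig` command.
        print(cert["signee_keyid"], cert["signee_uid"], cert["created"], cert["sig_class"])
```

Feeding it real output (`gpg --with-colons --list-sigs > listing.txt`) with the KSP's date as the window yields the candidates for `revsig`; Bob's certification in the sample is left alone because it predates the window.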
Re: Please revoke your signatures from Martin Kraff's keys
> And, to the people who have trouble distinguishing between paying for a passport and purchasing an ID, while I have had to pay for all my official identity documents, merely paying would not have got me one -- there were background checks,

There were none at all in my case, as outlined above. Austrian passports cannot, IMHO, be trusted because of this. If my own country does not do proper checks, maybe others don't, either.

Bottom line is that you can't trust *any* kind of ID, because it might be either faked or issued negligently. I don't see where the difference is between a passport and a TR ID card.

I build trust in RL based on people and their behavior, not on IDs. Maybe all my friends are living under a fake name... I do not know nor care. As long as the work signed with a particular key is in order, everything is fine - why chase names?

C.
Re: Please revoke your signatures from Martin Kraff's keys
Paul Johnson wrote:
> On Friday 26 May 2006 15:27, Ron Johnson wrote:
> > Paul Johnson wrote:
> > > On Thursday 25 May 2006 08:30, Manoj Srivastava wrote:
> > > > Given time, one can pay more attention to each document (I require at least two photo IDs issued by the government).
> > >
> > > WTF? In Oregon, if you have a driver's license, you cannot get an ID card. If you have an ID card, you have to surrender it to get a driver's license. You're only legally allowed one ID.
> >
> > Expand your horizon beyond that of the DMV.
>
> There is no ID issuing authority recognized in Oregon higher than the DMV.

So, Oregon state officials won't recognize your US passport as a valid picture ID?

That's a load of crap. You know it, and everyone on this list knows it.
Re: Please revoke your signatures from Martin Kraff's keys
Paul Johnson wrote:
> On Friday 26 May 2006 18:34, Russ Allbery wrote:
> > Paul Johnson [EMAIL PROTECTED] writes:
> > > On Thursday 25 May 2006 08:30, Manoj Srivastava wrote:
> > > > Given time, one can pay more attention to each document (I require at least two photo IDs issued by the government).
> > >
> > > WTF? In Oregon, if you have a driver's license, you cannot get an ID card. If you have an ID card, you have to surrender it to get a driver's license. You're only legally allowed one ID.
> >
> > You can get a passport.
>
> Yeah, if I really want to give a country I don't really have much of any allegiance to, and consider foreign, my money and wait around for a few months. I'm Oregonian, not American.

Since there is no such thing as citizenship in a state, does "I'm ... not American" mean that you are voluntarily revoking your in this imperfect country?
Re: [Debconf-discuss] Re: Please revoke your signatures from Martin Kraff's keys
On Saturday 27 May 2006 14:12, Steinar H. Gunderson wrote:
> On Sat, May 27, 2006 at 01:54:03PM -0700, Paul Johnson wrote:
> > > > Oregon abolished the voting booth in 2000
> > >
> > > Oh, so they get better counts and less fraud by doing away with ballot secrecy. How wonderful.
> >
> > No, that's not how it works, your ballot is still secret. Think about it for a minute. You sign the mailing envelope, your ballot goes in a secrecy envelope. Elections compares signatures, opens the mailing envelope and saves it for the voter rolls, sends the secrecy envelope down the line off to the counting machines to be opened separately in some other room.
>
> That is secrecy only to the government; not in general. For instance, someone can easily pressure you into voting for party or candidate X, _since they can verify it_ (just watch as you put the ballot in the envelope, and make sure you post it). With a voting booth, nobody can effectively pressure you, as your vote is secret from everybody.

Nobody can effectively pressure you, except everyone else in line, campaigners trolling the polling place, and the inability to get the day off to vote because polling places are only open 4-6 hours on election day.

If you want to ignore that vote by mail is more secure than the voting booth, that's fine. Don't move to Oregon.

-- 
Paul Johnson
Email and IM (XMPP Google Talk): [EMAIL PROTECTED]
Jabber: Because it's time to move forward http://ursine.ca/Ursine:Jabber
Re: [Debconf-discuss] Re: Please revoke your signatures from Martin Kraff's keys
Paul Johnson wrote:
> On Saturday 27 May 2006 14:12, Steinar H. Gunderson wrote:
> > On Sat, May 27, 2006 at 01:54:03PM -0700, Paul Johnson wrote:
> > > > > Oregon abolished the voting booth in 2000
> > > >
> > > > Oh, so they get better counts and less fraud by doing away with ballot secrecy. How wonderful.
> > >
> > > No, that's not how it works, your ballot is still secret. Think about it for a minute. You sign the mailing envelope, your ballot goes in a secrecy envelope. Elections compares signatures, opens the mailing envelope and saves it for the voter rolls, sends the secrecy envelope down the line off to the counting machines to be opened separately in some other room.
> >
> > That is secrecy only to the government; not in general. For instance, someone can easily pressure you into voting for party or candidate X, _since they can verify it_ (just watch as you put the ballot in the envelope, and make sure you post it). With a voting booth, nobody can effectively pressure you, as your vote is secret from everybody.
>
> Nobody can effectively pressure you, except everyone else in line, campaigners trolling the polling place, and the inability to get the day off to vote because polling places are only open 4-6 hours on election day.
>
> If you want to ignore that vote by mail is more secure than the voting booth, that's fine. Don't move to Oregon.

With vote-by-mail from the privacy (and seclusion) of your home, who's to stop a political operative or angry husband from saying "vote Democrat, or else!"?

Campaigners trolling the polling place is supposed to be illegal (well, it's illegal in Louisiana), and if a campaigner *does* troll a polling place, the election observer from the opposite party will report it, and she/he will have many witnesses.

There are no neutral observers in your house. The husband can watch who she votes for and beat her, or she can withhold sex if he doesn't vote for whom she wants.

Since the rest of the country votes in private, my wife could be voting Marxist for all I know.
Re: Please revoke your signatures from Martin Kraff's keys
On Saturday 27 May 2006 15:28, Ron Johnson wrote:
> Paul Johnson wrote:
> > On Friday 26 May 2006 15:27, Ron Johnson wrote:
> > > Paul Johnson wrote:
> > > > On Thursday 25 May 2006 08:30, Manoj Srivastava wrote:
> > > > > Given time, one can pay more attention to each document (I require at least two photo IDs issued by the government).
> > > >
> > > > WTF? In Oregon, if you have a driver's license, you cannot get an ID card. If you have an ID card, you have to surrender it to get a driver's license. You're only legally allowed one ID.
> > >
> > > Expand your horizon beyond that of the DMV.
> >
> > There is no ID issuing authority recognized in Oregon higher than the DMV.
>
> So, Oregon state officials won't recognize your US passport as a valid picture ID?

No, I'm saying that passports are utterly useless as ID in Oregon because nobody trusts them for anything more than proof of age for cigarettes or alcohol.

> That's a load of crap. You know it, and everyone on this list knows it.

Try using a passport as ID in Oregon sometime.

-- 
Paul Johnson
Email and IM (XMPP Google Talk): [EMAIL PROTECTED]
Jabber: Because it's time to move forward http://ursine.ca/Ursine:Jabber
Re: Please revoke your signatures from Martin Kraff's keys
On Saturday 27 May 2006 15:32, Ron Johnson wrote:
> Paul Johnson wrote:
> > On Friday 26 May 2006 18:34, Russ Allbery wrote:
> > > Paul Johnson [EMAIL PROTECTED] writes:
> > > > On Thursday 25 May 2006 08:30, Manoj Srivastava wrote:
> > > > > Given time, one can pay more attention to each document (I require at least two photo IDs issued by the government).
> > > >
> > > > WTF? In Oregon, if you have a driver's license, you cannot get an ID card. If you have an ID card, you have to surrender it to get a driver's license. You're only legally allowed one ID.
> > >
> > > You can get a passport.
> >
> > Yeah, if I really want to give a country I don't really have much of any allegiance to, and consider foreign, my money and wait around for a few months. I'm Oregonian, not American.
>
> Since there is no such thing as citizenship in a state, does "I'm ... not American" mean that you are voluntarily revoking your in this imperfect country?

The vote at Champoeg was when the Oregon Territory voted to become Canadian. We're on the south side of the border exclusively due to the threat of military force when the US couldn't handle the fact that we don't want them here the first time around. That's not democracy, that's coercion.

-- 
Paul Johnson
Email and IM (XMPP Google Talk): [EMAIL PROTECTED]
Jabber: Because it's time to move forward http://ursine.ca/Ursine:Jabber
Re: [Debconf-discuss] Re: Please revoke your signatures from Martin Kraff's keys
On Sat, May 27, 2006 at 03:41:58PM -0700, Paul Johnson wrote:
> On Saturday 27 May 2006 14:12, Steinar H. Gunderson wrote:
> > On Sat, May 27, 2006 at 01:54:03PM -0700, Paul Johnson wrote:
> > > > > Oregon abolished the voting booth in 2000
> > > >
> > > > Oh, so they get better counts and less fraud by doing away with ballot secrecy. How wonderful.
> > >
> > > No, that's not how it works, your ballot is still secret. Think about it for a minute. You sign the mailing envelope, your ballot goes in a secrecy envelope. Elections compares signatures, opens the mailing envelope and saves it for the voter rolls, sends the secrecy envelope down the line off to the counting machines to be opened separately in some other room.
> >
> > That is secrecy only to the government; not in general. For instance, someone can easily pressure you into voting for party or candidate X, _since they can verify it_ (just watch as you put the ballot in the envelope, and make sure you post it). With a voting booth, nobody can effectively pressure you, as your vote is secret from everybody.
>
> Nobody can effectively pressure you, except everyone else in line, campaigners trolling the polling place, and the inability to get the day off to vote because polling places are only open 4-6 hours on election day.

None of these people are in the voting booth with you and they are therefore not in a position to verify the vote you cast and punish you for it.

> If you want to ignore that vote by mail is more secure than the voting booth, that's fine. Don't move to Oregon.

If you want to make facile arguments, that's fine. But don't do it on debian-devel.

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
[EMAIL PROTECTED]                                   http://www.debian.org/
Re: [Debconf-discuss] Re: Please revoke your signatures from Martin Kraff's keys
On Saturday 27 May 2006 16:12, Ron Johnson wrote:
> Paul Johnson wrote:
> > On Saturday 27 May 2006 14:12, Steinar H. Gunderson wrote:
> > > On Sat, May 27, 2006 at 01:54:03PM -0700, Paul Johnson wrote:
> > > > > > Oregon abolished the voting booth in 2000
> > > > >
> > > > > Oh, so they get better counts and less fraud by doing away with ballot secrecy. How wonderful.
> > > >
> > > > No, that's not how it works, your ballot is still secret. Think about it for a minute. You sign the mailing envelope, your ballot goes in a secrecy envelope. Elections compares signatures, opens the mailing envelope and saves it for the voter rolls, sends the secrecy envelope down the line off to the counting machines to be opened separately in some other room.
> > >
> > > That is secrecy only to the government; not in general. For instance, someone can easily pressure you into voting for party or candidate X, _since they can verify it_ (just watch as you put the ballot in the envelope, and make sure you post it). With a voting booth, nobody can effectively pressure you, as your vote is secret from everybody.
> >
> > Nobody can effectively pressure you, except everyone else in line, campaigners trolling the polling place, and the inability to get the day off to vote because polling places are only open 4-6 hours on election day.
> >
> > If you want to ignore that vote by mail is more secure than the voting booth, that's fine. Don't move to Oregon.
>
> With vote-by-mail from the privacy (and seclusion) of your home, who's to stop a political operative or angry husband from saying "vote Democrat, or else!"?

The fact you can go to the police, and you can vote wherever you please. If you're really that concerned about it, you can go down to county elections, say your ballot got lost in the mail or tell them that someone else coerced you (which voids the original ballot's mailing envelope, and if that mailing envelope gets cast, they void the ballot it contains) and they'll give you a fresh ballot and envelopes.

You're welcome to vote at the elections office, but if you want privacy you're going to have to lock yourself in a restroom. Penalties for screwing with other people's votes here are severe.

-- 
Paul Johnson
Email and IM (XMPP Google Talk): [EMAIL PROTECTED]
Jabber: Because it's time to move forward http://ursine.ca/Ursine:Jabber
Re: Please revoke your signatures from Martin Kraff's keys
Paul Johnson [EMAIL PROTECTED] writes:

> The vote at Champoeg was when the Oregon Territory voted to become Canadian. We're on the south side of the border exclusively due to the threat of military force when the US couldn't handle the fact that we don't want them here the first time around. That's not democracy, that's coercion.

Does it matter any more? Surely the opinions of a majority of *present day* Oregonians matters a whole lot more, right?
Re: [Debconf-discuss] Re: Please revoke your signatures from Martin Kraff's keys
Paul Johnson wrote:
> On Saturday 27 May 2006 16:12, Ron Johnson wrote:
> > Paul Johnson wrote:
> > > On Saturday 27 May 2006 14:12, Steinar H. Gunderson wrote:
> > > > On Sat, May 27, 2006 at 01:54:03PM -0700, Paul Johnson wrote:
> > > > > > > Oregon abolished the voting booth in 2000
> > > > > >
> > > > > > Oh, so they get better counts and less fraud by doing away with ballot secrecy. How wonderful.
> > > > >
> > > > > No, that's not how it works, your ballot is still secret. Think about it for a minute. You sign the mailing envelope, your ballot goes in a secrecy envelope. Elections compares signatures, opens the mailing envelope and saves it for the voter rolls, sends the secrecy envelope down the line off to the counting machines to be opened separately in some other room.
> > > >
> > > > That is secrecy only to the government; not in general. For instance, someone can easily pressure you into voting for party or candidate X, _since they can verify it_ (just watch as you put the ballot in the envelope, and make sure you post it). With a voting booth, nobody can effectively pressure you, as your vote is secret from everybody.
> > >
> > > Nobody can effectively pressure you, except everyone else in line, campaigners trolling the polling place, and the inability to get the day off to vote because polling places are only open 4-6 hours on election day.
> > >
> > > If you want to ignore that vote by mail is more secure than the voting booth, that's fine. Don't move to Oregon.
> >
> > With vote-by-mail from the privacy (and seclusion) of your home, who's to stop a political operative or angry husband from saying "vote Democrat, or else!"?
>
> The fact you can go to the police, and you can vote wherever you please. If you're really that concerned about it, you can go down to county elections, say your ballot got lost in the mail or tell them that someone else coerced you (which voids the original ballot's mailing envelope, and if that mailing envelope gets cast, they void the ballot it contains) and they'll give you a fresh ballot and envelopes.
>
> You're welcome to vote at the elections office, but if you want privacy you're going to have to lock yourself in a restroom. Penalties for screwing with other people's votes here are severe.

That's after-the-fact. Eliminate the possibility by voting in a private booth.
Re: [Debconf-discuss] Re: Please revoke your signatures from Martin Kraff's keys
Steve Langasek wrote:
> On Sat, May 27, 2006 at 03:41:58PM -0700, Paul Johnson wrote:
> > On Saturday 27 May 2006 14:12, Steinar H. Gunderson wrote:
> > > On Sat, May 27, 2006 at 01:54:03PM -0700, Paul Johnson wrote:
> > > > > > Oregon abolished the voting booth in 2000
>
> [snip]
>
> > If you want to ignore that vote by mail is more secure than the voting booth, that's fine. Don't move to Oregon.
>
> If you want to make facile arguments, that's fine. But don't do it on debian-devel.

Stop agreeing with me, Steve, the earth might shift out of orbit! :)
Re: Please revoke your signatures from Martin Kraff's keys
Paul Johnson wrote:
> On Saturday 27 May 2006 15:28, Ron Johnson wrote:
> > Paul Johnson wrote:
> > > On Friday 26 May 2006 15:27, Ron Johnson wrote:
> > > > Paul Johnson wrote:
> > > > > On Thursday 25 May 2006 08:30, Manoj Srivastava wrote:
> > > > > > Given time, one can pay more attention to each document (I require at least two photo IDs issued by the government).
> > > > >
> > > > > WTF? In Oregon, if you have a driver's license, you cannot get an ID card. If you have an ID card, you have to surrender it to get a driver's license. You're only legally allowed one ID.
> > > >
> > > > Expand your horizon beyond that of the DMV.
> > >
> > > There is no ID issuing authority recognized in Oregon higher than the DMV.
> >
> > So, Oregon state officials won't recognize your US passport as a valid picture ID?
>
> No, I'm saying that passports are utterly useless as ID in Oregon because nobody trusts them for anything more than proof of age for cigarettes or alcohol.
>
> > That's a load of crap. You know it, and everyone on this list knows it.
>
> Try using a passport as ID in Oregon sometime.

http://www.oregon.gov/ODOT/DMV/driverid/idproof.shtml
http://www.oregon.gov/ODOT/DMV/driverid/idproofprim.shtml

Acceptable Primary Documents
# Passport
  * Must be in English or contain an English translation within the document;
  * Acceptable up to 5 years after expiration;
# An Oregon Concealed Weapons Permit/Concealed Handgun License;
Re: Please revoke your signatures from Martin Kraff's keys
On Saturday 27 May 2006 16:49, Thomas Bushnell BSG wrote:
> Paul Johnson [EMAIL PROTECTED] writes:
>> The vote at Champoeg was when the Oregon Territory voted to become Canadian. We're on the south side of the border exclusively due to the threat of military force when the US couldn't handle the fact that we don't want them here the first time around. That's not democracy, that's coercion.
> Does it matter any more? Surely the opinions of a majority of *present day* Oregonians matter a whole lot more, right?

Not many of the locals I talk about this with are terribly happy with the situation today, either.

-- Paul Johnson
Email and IM (XMPP Google Talk): [EMAIL PROTECTED]
Jabber: Because it's time to move forward http://ursine.ca/Ursine:Jabber
Re: [Debconf-discuss] Re: Please revoke your signatures from Martin Kraff's keys
On 25 May 2006, Stephen Frost verbalised:
> * Manoj Srivastava ([EMAIL PROTECTED]) wrote:
>>> Explanation?
>> What we have here is an act of bad faith, in the guise of demonstrating a weakness. In my experience, one act of bad faith often leads to others.
> pffft. This is taking it to an extreme. He wasn't trying to fake who he was, it just wasn't an ID issued by a generally recognized government (or perhaps not a government at all, but whatever).

If you think an ID from a place that issues you any ID when you pay for it is valid, I probably will not trust a key signed by you, and I would also suggest other people do not.

manoj
-- Those who bring sunshine to the lives of others cannot keep it from themselves. Sir James Barrie
Manoj Srivastava [EMAIL PROTECTED] http://www.datasync.com/%7Esrivasta/
1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C
Re: [Debconf-discuss] Re: Please revoke your signatures from Martin Kraff's keys
* Manoj Srivastava ([EMAIL PROTECTED]) wrote:
> On 25 May 2006, Stephen Frost spake thusly:
>> I wasn't making any claim as to the general validity of IDs which are purchased and I'm rather annoyed that you attempted to extrapolate it out to such. What I said is that he wasn't trying to fake who he was, as the information (according to his blog anyway, which he might be lying on but I tend to doubt it) on the ID was, in fact, accurate.
> He has already bragged about how he cracked the KSP by presenting an unofficial ID which he bought -- an action designed to show the weakness of signing parties. So, this was a bad faith act, since the action was not to show a valid, official ID to extend the web of trust, but to see how many people could be duped into signing his key.

Pffft. Again, I call foul. That was as much 'bragging' as any scientist reporting on a study. It *wasn't* done in bad faith, as the information on the ID (now independently confirmed even) *was* accurate.

> Given that he acknowledges trying to dupe people, why do you think he is not lying about the contents of the ID?

He didn't try to dupe people and this claim is getting rather old. Duping people would have actually been putting false information on the ID and generating a fake key and trying to get someone to sign off on the fake key based on completely false information. The contents of the ID were accurate, as was his key, there was no duping or lying. Whining that he showed a non-government ID at a KSP and saying that's duping someone is more than a bit of a stretch, after all, I've got IDs issued by my company, my university, my state, my federal gov't, etc. Would I be 'duping' people if I showed them my company ID? What about my university ID? Would it have garnered this reaction? I doubt it.

>> If you're upset about this because you had planned to sign it and now feel 'duped' then I suggest you get past that emotional hurdle and come back to reality.
> Rubbish. The reality I am concerned about is someone cracking the KSP and duping people into signing his key when they had been fooled into thinking they were looking at an unfamiliar official ID.

The reality is that you're turning this into something much, much larger than it actually is. If you're actually concerned about someone cracking the KSP then what you *should* be doing is attempting to educate people on the dangers of KSPs in general, not going after someone who happened to point out that not everyone checks IDs very carefully (an unsurprising reality but one which now has a good measure of proof behind it to base change upon). 'Cracking' the KSP, such as one could, would be coming up with a fake identity entirely and trying to get people to sign off on it. Even that isn't actually all that *dangerous* until someone grants some privilege based on that signature. That *isn't* what happened here, and, indeed, being rather well known (it seems) there would have made it more difficult for him to pull off than, say, someone off the street. No one 'crack'ed anything here (that we know of anyway) and while not signing his key because of this is reasonable, or even revoking a signature which had been based on this ID, the constant inflammatory claims of Martin being a 'cracker' and how this could lead to other 'cracks' is extreme, insulting, and childish.

> And I think your attitude is naive, optimistic, and dangerous. This was a subversion of the KSP. Admittedly, KSP's are fragile, and people get tired, and glassy eyed from looking at too many unfamiliar official looking documents. It takes little social engineering to fool people into signing based on fake documents.

Again, there was no subversion, the information on his ID was accurate. I'm tired of you blowing things way out of proportion, this being just the last in a trend you seem to have towards sensationalizing things. :/

> Admittedly, in the world of cracking this is the equivalent of running off with the handbag of an old lady on crutches, which is why one speculates about where the next crack is headed for.

I disagree with the analogy entirely, but even more so doubt that anyone but you is speculating about where the next crack is headed for. How you made the leap from presenting a non-gov't ID at a KSP to dangerous cracker is far beyond me.

Thanks,
Stephen
Re: Please revoke your signatures from Martin Kraff's keys
On Thursday 25 May 2006 at 02:36 -0500, Manoj Srivastava wrote:
> It has come to my attention that Martin Kraff used an unofficial, and easily forge-able, identity device at a large key signing party recently.

FWIW, I'm pretty sure Martin presented me an official German ID card. But should I revoke signatures from developers who showed me a US driver license, a piece of plastic I could fake with my inkjet printer?

-- Josselin Mouette [EMAIL PROTECTED]
Debian GNU/Linux -- The power of freedom
Re: [Debconf-discuss] Re: Please revoke your signatures from Martin Kraff's keys
My memory is horrible, but IIRC James Troup (ie, our keymaster..) did some similar study at the DebConf5 KSP and ended up with a list of people whose GPG signatures he didn't trust anymore because of whatever trick they fell for. This thread seems entirely blown out of proportion.

-- see shy jo
Re: [Debconf-discuss] Re: Please revoke your signatures from Martin Kraff's keys
On Thu, May 25, 2006 at 04:08:31PM -0400, Stephen Frost wrote:
> He didn't try to dupe people and this claim is getting rather old. Duping people would have actually been putting false information on the ID and generating a fake key and trying to get someone to sign off on the fake key based on completely false information. The contents of the ID were accurate, as was his key, there was no duping or lying. Whining that he showed a non-government ID at a KSP and saying that's duping someone is more than a bit of a stretch, after all, I've got IDs issued by my company, my university, my state, my federal gov't, etc. Would I be 'duping' people if I showed them my company ID? What about my university ID? Would it have garnered this reaction? I doubt it.

Indeed, duping people would have been if he had passed himself off as AJ, and managed to get people to sign a bogus key as belonging to the DPL. That would have been a demonstration that would have been really obnoxious, and would justify your reaction.

In this particular case, he did not assert incorrect information, but rather (to use an X.509 analogy) used a Certificate signed by an untrusted Certification Authority. The fact that some people were willing to trust it is about as surprising as the fact that many people click OK when they see a certificate signed by a CA not in the browser's trusted list. But he didn't perpetrate fraud in any way. So this is not a surprise, and it's not what I would call an earth-shaking result.

But nevertheless, Manoj, I think you are over-reacting. Chill. Relax. Have an alcoholic or non-alcoholic beverage of your choice. :-)

- Ted
Re: [Debconf-discuss] Re: Please revoke your signatures from Martin Kraff's keys
On 25 May 2006, Andreas Tille spake thusly:
> On Thu, 25 May 2006, Manoj Srivastava wrote:
>> It has come to my attention that Martin Kraff used an unofficial, and easily forge-able, identity device at a large key
> Is there any reason to revoke my signature I have put on Martin's key after he showed me his passport?

In my opinion, yes, if you consider subverting the KSP like that unacceptable behaviour.

> IMHO this mail is a little bit overdone and brings a DD in a bad light. Perhaps an information to the participants of the KSP in question would have done the job and it should be easy enough to find out the address list of the participants.

I find the action unconscionable, so I am not sure I agree that I am the one putting the DD in a bad light. His actions are what have led to this position under the spotlights.

manoj
-- Human beings were created by water to transport it uphill.
Manoj Srivastava [EMAIL PROTECTED] http://www.datasync.com/%7Esrivasta/
1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C
Re: [Debconf-discuss] Re: Please revoke your signatures from Martin Kraff's keys
On Thu, May 25, 2006 at 02:12:25PM -0500, Manoj Srivastava wrote:
> On 25 May 2006, Stephen Frost spake thusly:
>> pffft. This is taking it to an extreme. He wasn't trying to fake who he was, it just wasn't an ID issued by a generally recognized government (or perhaps not a government at all, but whatever).
> If you think an ID from a place that issues you any ID when you pay for it is valid, I probably will not trust a key signed by you, and I would also suggest other people do not.
>> I wasn't making any claim as to the general validity of IDs which are purchased and I'm rather annoyed that you attempted to extrapolate it out to such. What I said is that he wasn't trying to fake who he was, as the information (according to his blog anyway, which he might be lying on but I tend to doubt it) on the ID was, in fact, accurate.
> He has already bragged about how he cracked the KSP by presenting an unofficial ID which he bought -- an action designed to show the weakness of signing parties. So, this was a bad faith act, since the action was not to show a valid, official ID to extend the web of trust, but to see how many people could be duped into signing his key.
> Given that he acknowledges trying to dupe people, why do you think he is not lying about the contents of the ID?

He is acknowledging testing people in real-world conditions to determine whether they have acceptably strict standards for ID checking. Accusing him of duping people, of being a braggart for publishing the results of this experiment, and of acting in bad faith discourages people from testing the quality of conventional keysigning practices in the future. Shouldn't we as a community *want* to know about problems with the strength of people's ID checking, *before* someone smuggles a fraudulent identity into our ranks? Where is the indignant outrage towards those 9 out of 10 keysigners who apparently had no objection to signing a key based on a trumped-up ID card with no legal validity? If you really care about the strength of our web of trust, *they* are who should be named and shamed here.

Of *course* this was done under the laxest possible keysigning circumstances. Pre-announcing that someone at the keysigning party will be showing non-government ID is like warning students of locker inspections a week in advance -- you might get a warm fuzzy that all the school's library books are turned in, but you're not going to catch any drug dealers that way...

>> If you're upset about this because you had planned to sign it and now feel 'duped' then I suggest you get past that emotional hurdle and come back to reality.
> Rubbish. The reality I am concerned about is someone cracking the KSP and duping people into signing his key when they had been fooled into thinking they were looking at an unfamiliar official ID.

The whole reason we have an ID check in the first place as part of the standard keysigning practice is that we do *not* trust people to be who they say they are: if I'm doing what I'm supposed to as a key signer, then I'm not vulnerable to attacks based on trivially-falsified IDs. If I'm not doing what I'm supposed to, the only person I have reason to be mad at is myself. If I (or anyone else) can't be trusted to directly and personally verify the ID of the person whose key I'm (they're) signing, then my (their) keys add no value at all to the web of trust. It is better to have no signatures than to have weak signatures pretending to be worth something.

I applaud your personal decision to revoke signatures for this KSP based on your doubts regarding the efficacy of your own ID checks under these circumstances, but I don't think it's appropriate for you to accuse Martin of wrongdoing.

> Admittedly, in the world of cracking this is the equivalent of running off with the handbag of an old lady on crutches, which is why one speculates about where the next crack is headed for.

Any injury done to the people at the KSP they have done to themselves. It's more analogous to standing next to an icy walkway and studying how many of the old ladies on crutches walk out on their own and break their hips, vs. how many ask for his assistance across. You might think it cruel, but I don't see any justification for calling it malicious.

> He did dupe people --- into signing based on an unofficial document which can be purchased at will. And it is obvious that large KSP's have tired people, doing a repetitive task, and have a lot of people unfamiliar with key signing. The conclusion was foregone -- rarely do people have scientific studies belabouring the obvious.

If you consider it a foregone conclusion that people at KSPs, including DDs, will exercise poor keysigning practices, why attend the KSP? I attend KSPs because I'm comfortable that *I* am still checking IDs and fingerprints properly for all keys I sign, in spite of the circumstances. But if
Re: [Debconf-discuss] Re: Please revoke your signatures from Martin Kraff's keys
On Thu, May 25, 2006 at 02:12:25PM -0500, Manoj Srivastava wrote:
> He has already bragged about how he cracked the KSP by presenting an unofficial ID which he bought -- an action designed to show the weakness of signing parties. So, this was a bad faith act, since the action was not to show a valid, official ID to extend the web of trust, but to see how many people could be duped into signing his key.

I was not there, so I might miss quite many things, but from readings it seems that he showed his real ID under a presumably faked ID card, and some people signed his key based on it.

> Given that he acknowledges trying to dupe people, why do you think he is not lying about the contents of the ID?

This is a question for the people that signed his key based on the apparently evidently faked ID card. I do not think that it was Martin who cracked the KSP, but the people who signed his key based on extremely doubtful identification. I also think you are overreacting about Martin, somebody wanting to get a signed key under a fake identity for bad purposes would not act like Martin, but in a more subtle (and dangerous) way. The only thing I can complain about Martin is for not putting shame on those that were to sign his key just before signing, so others learn.

> Rubbish. The reality I am concerned about is someone cracking the KSP and duping people into signing his key when they had been fooled into thinking they were looking at an unfamiliar official ID.

If things are this easy we are in a problem, and this is the problem, not Martin.

-- Agustin
Re: [Debconf-discuss] Re: Please revoke your signatures from Martin Kraff's keys
* Joey Hess ([EMAIL PROTECTED]) [060526 10:17]:
> My memory is horrible, but IIRC James Troup (ie, our keymaster..) did some similar study at the DebConf5 KSP and ended up with a list of people whose GPG signatures he didn't trust anymore because of whatever trick they fell for.

I know that Peter Palfrader (weasel) sometimes submits a clear fake key to KSPs and looks for people signing it. (No, there is nobody there who claims to be that person. Only the key on the list.)

Cheers,
Andi
-- http://home.arcor.de/andreas-barth/
Re: [Debconf-discuss] Re: Please revoke your signatures from Martin Kraff's keys
On Thursday 25 May 2006 15:26, Mike Hommey wrote:
> On Thu, May 25, 2006 at 04:16:24PM -0500, Manoj Srivastava [EMAIL PROTECTED] wrote:
>> The KSP was cracked. People signed a key without ever looking at proper, official ID. You can try and save face by calling it whatever you want, but that does not change the reality.
> Manoj, how do *you* ensure the ID that someone presents you is a proper, official ID? I'm pretty sure we can find official IDs that look so lame that you'd think it's a fake (the old French ones could be a good example, and I know people who still use that as an ID, though they wouldn't come to a KSP; they don't even know what a GPG/PGP key is).

Other good examples would be IDs issued to people under age 21 in the state of Washington (printed the wrong direction on the card), Oregon IDs issued prior to the late 1990s (exact year depends on DMV location issuing), which were a piece of cardboard with a form printed on it, and all the data typed in with an electric typewriter, with your photo glued to the upper left corner and a hologram someplace on it, laminated. The new Oregon IDs (issued after 2004) are widely mistaken as fake IDs since they're nearly identical to the California IDs: Prior to then, Oregon had a policy of making sure their ID did not look like any other state's ID (if they wanted to update the ID to make it harder to copy, they should have made the hologram part the photo of Mt. Hood with the word OREGON on it instead of switching to making poor counterfeits of California's IDs). That being said, DMV can have my Not Californian Looking(tm) ID back around the time they pry it from my cold, dead fingers or I surrender it at the BC Ministry of Transportation and Highways (by that time, the backwater country that thinks Oregon and California shouldn't have an international boundary between them can kiss my ass).

-- Paul Johnson
Email and IM (XMPP Google Talk): [EMAIL PROTECTED]
Jabber: Because it's time to move forward http://ursine.ca/Ursine:Jabber
Re: Please revoke your signatures from Martin Kraff's keys
Manoj Srivastava [EMAIL PROTECTED] writes:
> It has come to my attention that Martin Kraff used an unofficial, and easily forge-able, identity device at a large key signing party recently. This was apparently to belabour the obvious point that large KSP's are events where it is hard to reasonably check, in a large international KSP, anything beyond matching pictures/names/expiry dates, especially after an hour or so after starting.

So, you are confident that the person who did this is in fact Martin Kraff, right?

> Based on this, I strongly suggest that mere signatures on a new maintainer's key from a DD be also not enough, since people have now effectively proven how easily signatures may be obtained at a large KSP by just about anyone with money for an easily faked ID.

What would you suggest instead?
Re: [Debconf-discuss] Re: Please revoke your signatures from Martin Kraff's keys
James Troup wrote:
> My key was part of the DC4 KSP materials, but I didn't manage to attend in the end. A couple of people signed my key despite my lack of attendance and one of them an NM applicant, IIRC. Again from memory, Martin talked to the NM in question who was very apologetic, claimed it was an honest mistake, he'd ticked the wrong person in the list, etc. or something similar.

Aha, I *knew* my memory sucked, thanks for setting it straight.

-- see shy jo
Re: Please revoke your signatures from Martin Kraff's keys
Manoj Srivastava wrote:
> Hi,
> It has come to my attention that Martin Kraff used an unofficial, and easily forge-able, identity device at a large key signing party recently. This was apparently to belabour the obvious point that large KSP's are events where it is hard to reasonably check, in a large international KSP, anything beyond matching pictures/names/expiry dates, especially after an hour or so after starting. Presenting essentially a fake ID is an act of bad faith that leads one to wonder how many of the other key signing parties he has attended did he present a false ID? I will not be signing his keys, ever, based on this action of what I consider to be bad faith. Based on discussion with other people who seem to find this action amusing, but not unacceptable, I find that my decision to waive my personal requirements of two forms of ID was probably a mistake, and I am probably not going to be signing any of the keys.

Who actually has two forms of government issued picture ID [not counting a passport which I never take anywhere unless I really need to since it is really bad to lose it and doesn't fit in a wallet, not to mention my passport photo isn't a very good likeness being 9 years old whereas my license only lasts 4 years]?

Travis Crump [not a DD, nor have I been to a keysigning]
Re: [Debconf-discuss] Re: Please revoke your signatures from Martin Kraff's keys
Manoj Srivastava wrote:
> On 25 May 2006, Stephen Frost verbalised:
>> * Manoj Srivastava ([EMAIL PROTECTED]) wrote:
>>>> Explanation?
>>> What we have here is an act of bad faith, in the guise of demonstrating a weakness. In my experience, one act of bad faith often leads to others.
>> pffft. This is taking it to an extreme. He wasn't trying to fake who he was, it just wasn't an ID issued by a generally recognized government (or perhaps not a government at all, but whatever).
> If you think an ID from a place that issues you any ID when you pay for it is valid, I probably will not trust a key signed by you, and I would also suggest other people do not.

The previously mentioned blog entry by someone claiming to be Martin Krafft claims that the unofficial ID presented for this person was issued based on an existing passport and not only his claimed name.

Ben.
-- Ben Hutchings
I'm always amazed by the number of people who take up solipsism because they heard someone else explain it. - E*Borg on alt.fan.pratchett
Re: Please revoke your signatures from Martin Kraff's keys
Manoj Srivastava [EMAIL PROTECTED] writes:
> Actually, passports are not really an answer (I have no idea what the passport of Cameroon looks like, for example). Given time, one can pay more attention to each document (I require at least two photo ID's issued by the government). While even these can be forged, it won't be in the hurried atmosphere of a KSP.

I don't even own 2 photo ID's if you don't count my student card. I would have to buy a new passport on top of my ID card just for that.

MfG
Goswin
Re: Please revoke your signatures from Martin Kraff's keys
* Manoj Srivastava:
> I will not be signing his keys, ever, based on this action of what I consider to be bad faith. Based on discussion with other people who seem to find this action amusing, but not unacceptable, I find that my decision to waive my personal requirements of two forms of ID was probably a mistake, and I am probably not going to be signing any of the keys.

Wouldn't it make more sense to encourage people to mark the signers of Martin's key as non-trustworthy in their personal web of trust, at least if the signatures were created in a specific time frame?

Signing a key does not express a trust relationship, only a vague promise that you have checked that the user ID and the owner match. The trustworthiness is an individual decision and has to be set by each GnuPG user individually.

(And I'm still a bit baffled why there are so many signatures on the Debian Archive Automatic Signing Key. 8-)
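The distinction drawn above (a signature records an identity check; how much that check is worth is a local ownertrust decision) can be made concrete with GnuPG's classic trust model. The following is an added example, not code from this thread or from GnuPG: a toy keyring that applies GnuPG's default rules (completes-needed=1, marginals-needed=3, max-cert-depth=5, and a signature only counts if the signer's own key is fully valid) and shows that a key certified by three KSP signers goes from fully valid back to unknown once those signers' ownertrust is set to "never", without touching the signatures themselves. The key names "me", "alice", "bob", "carol" and "martin" are constructed.

```python
"""Toy model of GnuPG's classic web-of-trust validity calculation.

Constructed illustration, not GnuPG's own code. The rules mirror GnuPG's
defaults: completes-needed=1, marginals-needed=3, max-cert-depth=5, and a
certification only counts if the signing key is itself fully valid.
"""
from dataclasses import dataclass, field

# Ownertrust levels the local user assigns to *other people's* keys.
UNKNOWN, NEVER, MARGINAL, FULL, ULTIMATE = "unknown", "never", "marginal", "full", "ultimate"


@dataclass
class Keyring:
    # (signer, signed) certification signatures, as they appear on keyservers.
    signatures: set = field(default_factory=set)
    # Per-key ownertrust: local and private, never published with the key.
    ownertrust: dict = field(default_factory=dict)
    completes_needed: int = 1
    marginals_needed: int = 3
    max_cert_depth: int = 5

    def sign(self, signer: str, signed: str) -> None:
        """Record that `signer` certified `signed`. This says nothing about trust."""
        self.signatures.add((signer, signed))

    def set_ownertrust(self, key: str, level: str) -> None:
        """How much I trust `key`'s owner to check IDs before signing."""
        self.ownertrust[key] = level

    def validity(self) -> dict:
        """Return 'full' / 'marginal' / 'unknown' validity for every key."""
        keys = set(self.ownertrust) | {k for pair in self.signatures for k in pair}
        valid = {k: "unknown" for k in keys}
        for k, t in self.ownertrust.items():
            if t == ULTIMATE:
                valid[k] = "full"                  # my own key: always valid
        for _depth in range(self.max_cert_depth):
            prev = dict(valid)                     # one certification hop per round
            for key in keys:
                if self.ownertrust.get(key) == ULTIMATE:
                    continue
                fulls = marginals = 0
                for signer, signed in self.signatures:
                    if signed != key or signer == key:
                        continue                   # ignore self-signatures
                    if prev[signer] != "full":
                        continue                   # signer's key must itself be valid
                    trust = self.ownertrust.get(signer, UNKNOWN)
                    if trust in (FULL, ULTIMATE):
                        fulls += 1
                    elif trust == MARGINAL:
                        marginals += 1
                    # NEVER and UNKNOWN signers contribute nothing at all
                if fulls >= self.completes_needed or marginals >= self.marginals_needed:
                    valid[key] = "full"
                elif fulls or marginals:
                    valid[key] = "marginal"
                else:
                    valid[key] = "unknown"
            if valid == prev:
                break
        return valid


def ksp_scenario() -> dict:
    """Three KSP signers certify martin's key; only my ownertrust decides its worth."""
    kr = Keyring()
    kr.set_ownertrust("me", ULTIMATE)
    signers = ["alice", "bob", "carol"]
    for s in signers:
        kr.sign("me", s)            # I checked alice, bob and carol's IDs myself
        kr.sign(s, "martin")        # they each signed martin's key at the KSP
    result = {}
    # Stage 1: the signatures exist, but I never said how well these signers check IDs.
    result["signed_only"] = kr.validity()["martin"]
    # Stage 2: I mark all three as marginally trusted introducers.
    for s in signers:
        kr.set_ownertrust(s, MARGINAL)
    result["marginal_trust"] = kr.validity()["martin"]
    # Stage 3: I learn they signed on the strength of a purchasable ID and mark
    # them 'never'. The signatures are untouched; they just stop counting for me.
    for s in signers:
        kr.set_ownertrust(s, NEVER)
    result["never"] = kr.validity()["martin"]
    return result


if __name__ == "__main__":
    for stage, v in ksp_scenario().items():
        print(f"{stage:15s} -> validity of martin's key: {v}")
```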
Re: [Debconf-discuss] Re: Please revoke your signatures from Martin Kraff's keys
Javier Fernández-Sanguino Peña wrote:
> and not showing any passports or showing passports:
> [...]
> - which did not have the *same* spelling as the name in the key (letter by letter)
> will not get a signature from me.

While you're obviously free to set your own standards as to whose keys you sign and not, I have come to the conclusion that the exact same spelling requirement doesn't make that much sense. As an example, take Bdale whose real name isn't Bdale, but Barksdale Garbee III (iirc, it's been some time since I last saw his passport, apologies for any misspellings, etc). He goes by the name of Bdale and more people know him by that name than by Barksdale, so signing his key based on this makes sense. The same goes for middle names people never use, etc.

The rule has to be applied with caution, I would be uncomfortable signing somebody's key where I didn't know about them beforehand and their name on the key and passport was a complete miss.

- tfheen
Re: [Debconf-discuss] Re: Please revoke your signatures from Martin Kraff's keys
Manoj Srivastava [EMAIL PROTECTED] wrote:
> On 25 May 2006, Stephen Frost verbalised:
>> * Manoj Srivastava ([EMAIL PROTECTED]) wrote:
>>>> Explanation?
>>> What we have here is an act of bad faith, in the guise of demonstrating a weakness. In my experience, one act of bad faith often leads to others.
>> pffft. This is taking it to an extreme. He wasn't trying to fake who he was, it just wasn't an ID issued by a generally recognized government (or perhaps not a government at all, but whatever).
> If you think an ID from a place that issues you any ID when you pay for it is valid, I probably will not trust a key signed by you, and I would also suggest other people do not.

How do you know that the people who issued this ID would have issued any ID when you pay for it? Paying, of course, is irrelevant here; at least in Germany you do have to pay for your official ID or Passport, too. And if this Transnational Republic is a political organization who do issue IDs because they want to demonstrate their political importance, and not just a fun group, I'd expect that they do try to issue correct IDs. I wouldn't trust them to do it as thoroughly as I trust the German authorities, but I have no data to decide whether I should trust them more or less than the authorities of China, Nigeria or, for that matter, the United States of America.

Regards, Frank
-- Frank Küster
Single Molecule Spectroscopy, Protein Folding @ Inst. f. Biochemie, Univ. Zürich
Debian Developer (teTeX)
Re: [Debconf-discuss] Re: Please revoke your signatures from Martin Kraff's keys
On Thu, May 25, 2006 at 04:30:07PM -0500, Manoj Srivastava wrote:
> On 25 May 2006, Andreas Tille spake thusly:
>> Is there any reason to revoke my signature I have put on Martin's key after he showed me his passport?
> In my opinion, yes, if you consider subverting the KSP like that unacceptable behaviour.

This may be a silly question but doesn't my signature only state that I certify this key really belongs to the person it seems to belong to?

Michael
-- Michael Meskes
Email: Michael at Fam-Meskes dot De, Michael at Meskes dot (De|Com|Net|Org)
ICQ: 179140304, AIM/Yahoo: michaelmeskes, Jabber: [EMAIL PROTECTED]
Go SF 49ers! Go Rhein Fire! Use Debian GNU/Linux! Use PostgreSQL!
Re: [Debconf-discuss] Re: Please revoke your signatures from Martin Kraff's keys
Manoj Srivastava wrote:
> On 25 May 2006, Andreas Tille spake thusly:
>> On Thu, 25 May 2006, Manoj Srivastava wrote:
>>> It has come to my attention that Martin Kraff used an unofficial, and easily forge-able, identity device at a large key
>> Is there any reason to revoke my signature I have put on Martin's key after he showed me his passport?
> In my opinion, yes, if you consider subverting the KSP like that unacceptable behaviour.

Keysigning isn't for judging behaviour but for confirming identity.

Thiemo
Re: Please revoke your signatures from Martin Kraff's keys
On Thu, May 25, 2006 at 10:11:55PM -0400, Travis Crump wrote:
> Who actually has two forms of government issued picture ID [not counting a passport which I never take anywhere unless I really need to since it is really bad to lose it and doesn't fit in a wallet, not to mention my passport photo isn't a very good likeness being 9 years old whereas my license only lasts 4 years]?

Well, you just mentioned it: passport and driver's license.

/* Steinar */
- who doesn't drive a car, and thus only has a passport :-)
-- Homepage: http://www.sesse.net/
Re: [Debconf-discuss] Re: Please revoke your signatures from Martin Kraff's keys
On Thu, 2006-05-25 at 16:16 -0500, Manoj Srivastava wrote:

On 25 May 2006, Stephen Frost spake thusly:

* Manoj Srivastava ([EMAIL PROTECTED]) wrote:

On 25 May 2006, Stephen Frost spake thusly:

I wasn't making any claim as to the general validity of IDs which are purchased and I'm rather annoyed that you attempted to extrapolate it out to such. What I said is that he wasn't trying to fake who he was, as the information (according to his blog anyway, which he might be lying on but I tend to doubt it) on the ID was, in fact, accurate.

He has already bragged about how he cracked the KSP by presenting an unofficial ID which he bought -- an action designed to show the weakness of signing parties. So, this was a bad faith act, since the action was not to show a valid, official ID to extend the web of trust, but to see how many people could be duped into signing his key.

Pffft. Again, I call foul. That was as much 'bragging' as any scientist reporting on a study. It *wasn't* done in bad faith, as the information on the ID (now independently confirmed even) *was* accurate.

Cracking is not a scientific study.

cracking may not be, but determining the average number of people who spot an unofficial id could be construed to be.

Given that he acknowledges trying to dupe people, why do you think he is not lying about the contents of the ID?

He didn't try to dupe people and this claim is getting rather old.

He did dupe people --- into signing based on an unofficial document which can be purchased at will. And it is obvious that large KSP's have tired people, doing a repetitive task, and have a lot of people unfamiliar with key signing. The conclusion was foregone -- rarely do people have scientific studies belabouring the obvious.

again, the question (i believe) has to be: what is obvious? it seems, manoj, you are basing a large part of your argument on the fact that ksp are inherently insecure. but people are constantly testing the obvious things. can they be proved to be insecure?

Duping people would have actually been putting false information on the ID and generating a fake key and trying to get someone to sign off on the fake key based on completely false information. The contents of the ID were accurate, as was his key, there was no duping or lying.

I, for one, have no way of knowing if that was not the case.

Whining that he showed a non-government ID at a KSP and saying that's duping someone is more than a bit of a stretch, after all, I've got IDs issued by my company, my university, my state, my federal gov't, etc. Would I be 'duping' people if I showed them my company ID? What about my university ID? Would it have garnered this reaction? I doubt it.

The directive at the KSP was that you showed people an official photo ID -- a passport if you had one, or whatever you had available if you were local. Putting in a purchased card (I know there are several places around that create official looking documents in exchange for money) is subverting the KSP.

If you're upset about this because you had planned to sign it and now feel 'duped' then I suggest you get past that emotional hurdle and come back to reality.

Rubbish. The reality I am concerned about is someone cracking the KSP and duping people into signing his key when they had been fooled into thinking they were looking at an unfamiliar official ID.

The reality is that you're turning this into something much, much larger than it actually is.

I can't help it if you think presenting unofficial ID at a debian KSP does not amount to much. I tend not to dismiss gaming web of trust issues dismissively.

If you're actually concerned about someone cracking the KSP then what you *should* be doing is attempting to educate people on the dangers of KSPs in general, not going after someone who happened to point out that not everyone checks IDs very carefully (an unsurprising reality but one which now has a good measure of proof behind it to base change upon).

Heh. I guess we need to have proof of the unsurprising fact that people bleed when pierced with 6 inches of sharp steel too? Would that be just a scientific study to you? Either the KSP was subverted, in which case we have something to educate people about, or

'Cracking' the KSP, such as one could, would be coming up with a fake identity entirely and trying to get people to sign off on it.

How do you know that is not what happened?

Even that isn't actually all that *dangerous* until someone grants some privilege based on that signature.

The next time that key signs a NM candidate's key, and that sig is used to get someone into Debian, privileges would have been granted from a tainted signature.

That *isn't* what happened here,

No? You can
Re: Please revoke your signatures from Martin Kraff's keys
Travis Crump [EMAIL PROTECTED] writes:

Who actually has two forms of government issued picture ID [not counting a passport which I never take anywhere unless I really need to since it is really bad to lose it and doesn't fit in a wallet, not to mention my passport photo isn't a very good likeness being 9 years old whereas my license only lasts 4 years]?

Well, I don't. I don't have a current passport since I haven't left the EU in a while. But if you are told to bring 2 picture IDs to a KSP and you don't bring your passport (if you have one) then that is your fault.

By the way, if everyone brings 2 IDs doesn't that double the work of checking them and make people even more lazy about it?

Travis Crump [not a DD, nor have I been to a keysigning]

MfG Goswin
Re: [Debconf-discuss] Re: Please revoke your signatures from Martin Kraff's keys
On Fri, May 26, 2006 at 11:06:31AM -0500, Manoj Srivastava wrote:

On 26 May 2006, Thiemo Seufer outgrape:

Keysigning isn't for judging behaviour but for confirming identity.

* Michael Meskes: This may be a silly question but doesn't my signature only state that I certify this key really belongs to the person it seems to belong to?

Exactly. It does not tell us anything about your views regarding that person or the purpose of the key itself.

But if official looking purchased identity documents are in play, no one can be sure of successfully performing an ID check.

That's true. But the same holds for an ID card of a foreign country that you might never have seen before. But being German and having seen Martin's German ID card I tend to think I could successfully perform the check back when we met for the first time.

Keep in mind though that I just asked about signature revocation. It doesn't seem to make sense for me to revoke my signature. Your mileage may vary if you're unsure about the ID he showed you. I can completely understand that.

Furthermore I wonder if he finds someone believing his ID card in the near future.

Michael -- Michael Meskes Email: Michael at Fam-Meskes dot De ICQ: 179140304, AIM/Yahoo: michaelmeskes, Jabber: [EMAIL PROTECTED] Go SF 49ers! Go Rhein Fire! Use Debian GNU/Linux! Use PostgreSQL!
Re: [Debconf-discuss] Re: Please revoke your signatures from Martin Kraff's keys
On Thu, May 25, 2006 at 08:00:23PM +0200, Javier Fernández-Sanguino Peña wrote:

FWIW, I noted down those keys I would *not* sign and didn't tell the people at the KSP that I would not sign them.

I guess his experiment (only one in ten said that they would *not* sign it) is moot unless he backs it up with the signatures he eventually got sent from those he showed a wrong ID to.

Don't you think this is at least not fair to people attending KSP? Not even explaining them why they won't receive your signature (which is the whole point of KSP). Something like "I'm sorry but this is unacceptable to me (because of this and that)" would be okay to educate people showing correct IDs.

just my two (pesos) cents, filippo -- Filippo Giunchedi - http://esaurito.net PGP key: 0x6B79D401 random quote follows: I was once walking through the forest alone. A tree fell right in front of me -- and I didn't hear it. -- Steven Wright
Re: Please revoke your signatures from Martin Kraff's keys
On 26 May 2006, Florian Weimer outgrape:

* Manoj Srivastava: I will not be signing his keys, ever, based on this action of what I consider to be bad faith. Based on discussion with other people who seem to find this action amusing, but not unacceptable, I find that my decision to waive my personal requirements of two forms of ID was probably a mistake, and I am probably not going to be signing any of the keys.

Wouldn't it make more sense to encourage people to mark the signers of Martin's key as non-trustworthy in their personal web of trust, at least if the signatures were created in a specific time frame? Signing a key does not express a trust relationship, only a vague promise that you have checked that the user ID and the owner match. The trustworthiness is an individual decision and has to be set by each GnuPG user individually.

Ha! So the 10% who did check the supposed real ID would be also penalized? I guess that would be par for the course.

manoj -- And I alone am returned to wag the tail. Manoj Srivastava [EMAIL PROTECTED] http://www.debian.org/%7Esrivasta/ 1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C
Re: [Debconf-discuss] Re: Please revoke your signatures from Martin Kraff's keys
On 5/26/06, Tollef Fog Heen [EMAIL PROTECTED] wrote:

While you're obviously free to set your own standards as to whose keys you sign and not, I have come to the conclusion that the exact same spelling requirement doesn't make that much sense. As an example, take Bdale whose real name isn't Bdale, but Barksdale Garbee III (iirc, it's been some time since I last saw his passport, apologies for any misspellings, etc). He goes by the name of Bdale and more people know him by that name than by Barksdale, so signing his key based on this makes sense. The same goes for middle names people never use, etc.

Me too. My passport and NZ Driver's License both say Penelope, but I have gone by Penny all my life, and that's the name on my key. I'm pretty sure there were people at Debconf5 who didn't sign my key because of this. That's fine, everyone is entitled to their choice, although it struck me as a little bit silly. Penny is clearly short for Penelope. Perhaps this was my bad when I made the key displayed a lack of foresight.

This is probably not really a useful contribution to this discussion; carry on.

Penny -- context: http://she.geek.nz || http://catalyst.net.nz
Re: Please revoke your signatures from Martin Kraff's keys
On 25 May 2006, Thomas Bushnell told this:

Manoj Srivastava [EMAIL PROTECTED] writes: It has come to my attention that Martin Kraff used an unofficial, and easily forge-able, identity device at a large key signing party recently. This was apparently to belabour the obvious point that large KSP's are events where it is hard to reasonably check, in a large international KSP, anything beyond matching pictures/names/expiry dates, especially after an hour or so after starting.

So, you are confident that the person who did this is in fact Martin Kraff, right?

not any more.

Based on this, I strongly suggest that mere signatures on a new maintainers key from a DD be also not enough, since people have now effectively proven how easily signatures may be obtained at a large KSP by just about anyone with money for an easily faked ID.

What would you suggest instead? Stop signing keys for Debian developers, since purchased ID's are acceptable in this community? ;)

At this point, I am not sure what my stance is going to be.

manoj -- The Law of the Letter: The best way to inspire fresh thoughts is to seal the envelope. Manoj Srivastava [EMAIL PROTECTED] http://www.debian.org/%7Esrivasta/ 1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C
Re: [Debconf-discuss] Re: Please revoke your signatures from Martin Kraff's keys
On Thu, May 25, 2006 at 05:45:42PM -0700, Paul Johnson wrote:

On Thursday 25 May 2006 15:26, Mike Hommey wrote: I'm pretty sure we can find official IDs that look so lame that you'd think it's a fake (the old french ones could be good example, and i know people who still use that as an ID, though they wouldn't come to a KSP ; they don't even know what a GPG/PGP key is).

Other good examples would be IDs issued to people under age 21 in the state of Washington (printed the wrong direction on the card), Oregon IDs issued prior (...)

Also worth noting that Spanish driving license IDs are in that group. They are just (pink) cardboard with your name written in with a typewriter and your picture *stapled* to it. I believe that has changed now (last year?) and driving licenses now look more official (plastic cards). I have always wondered why they are useful in Spain for ID purposes (even for voting in general elections) since it's a boy's game to unstaple somebody's picture from his driving license and go vote with his ID and your picture in it [0]. Go figure.

Regards, Javier

[0] As long as he doesn't go and vote too, since the people in the voting table would notice that he has voted twice and probably would have to reject the whole voting box of that table (as they would be unable to find and remove the previous voters' vote).
Re: [Debconf-discuss] Re: Please revoke your signatures from Martin Kraff's keys
On Fri, May 26, 2006 at 09:52:48AM +0200, Tollef Fog Heen wrote:

Javier Fernández-Sanguino Peña wrote: and not showing any passports or showing passports: [...] - which did not had the *same* spelling as the name in the key (letter by letter) will not get a signature from me. (...)

The rule has to be applied with caution, I would be uncomfortable signing somebody's key where I didn't know about them beforehand and their name on the key and passport was a complete miss.

I didn't want to imply this was a best practices rule. It's just my *personal* rule for KSP when encountering people I haven't seen/met before [0]. Feel free to use it or drop it, that's your choice. Either case, it's your decision to enforce whatever additional rules you want to apply to ID checks at KSP.

I think I even heard somebody that said that whenever he goes to a KSP he doesn't sign the key, but waits until he meets him again (with the same fingerprint) in *a different* KSP. That's when he signs it. For me, this rule does make sense too (although I don't use it myself).

Regards Javier

[1] I actually did not enforce this when I was new to KSP but added the rule later on after having uncomfortable experiences in some.
Re: [Debconf-discuss] Re: Please revoke your signatures from Martin Kraff's keys
On Fri, May 26, 2006 at 11:57:09AM +0200, Michael Meskes wrote:

On Thu, May 25, 2006 at 04:30:07PM -0500, Manoj Srivastava wrote:

On 25 May 2006, Andreas Tille spake thusly: Is there any reason to revoke my signature I have put on Martin's key after he showed me his passport?

In my opinion, yes, if you consider subverting the KSP like that unacceptable behaviour.

This may be a silly question but doesn't my signature only state that I certify this key really belongs to the person it seems to belong to?

It certifies that you've seen the person, that he's shown you his GPG key which he had claimed to be his, and that you have a reasonable suspicion that he is who he claims to be. Given the huge number of different people who sign GPG keys, you cannot reasonably assume anything more than the above about signatures from anyone but yourself (i.e., it is not what you *should* check before signing a key; these are only the checks that you can reasonably assume to have been made).

That aside, personally, I don't know what the big fuss is about. I know who Martin Krafft is; I've seen him at a number of FOSDEM instances, and I've seen him last year in Helsinki, where I called him by his name (to which he reacted), and where literally hundreds of others did the same. Considering that, I don't need a government-issued ID to be sure that he is indeed who he claims to be. I suspect the same is true for many of the other Debian people there.

I'd think it'd be very hard to be impersonating someone at a DebConf KSP.

-- Fun will now commence -- Seven Of Nine, Ashes to Ashes, stardate 53679.4
Re: Please revoke your signatures from Martin Kraff's keys
On Thursday 25 May 2006 08:30, Manoj Srivastava wrote: Given time, one can pay more attention to each document (I require at least two photo ID's issued by the government).

WTF? In Oregon, if you have a driver's license, you cannot get an ID card. If you have an ID card, you have to surrender it to get a driver's license. You're only legally allowed one ID.

-- Paul Johnson Email and IM (XMPP Google Talk): [EMAIL PROTECTED] Jabber: Because it's time to move forward http://ursine.ca/Ursine:Jabber
Re: [Debconf-discuss] Re: Please revoke your signatures from Martin Kraff's keys
* Michael Meskes: This may be a silly question but doesn't my signature only state that I certify this key really belongs to the person it seems to belong to?

Exactly. It does not tell us anything about your views regarding that person or the purpose of the key itself.
Re: [Debconf-discuss] Re: Please revoke your signatures from Martin Kraff's keys
On 26 May 2006, Wouter Verhelst told this:

On Fri, May 26, 2006 at 11:57:09AM +0200, Michael Meskes wrote: This may be a silly question but doesn't my signature only state that I certify this key really belongs to the person it seems to belong to?

That aside, personally, I don't know what the big fuss is about.

Err, I thought I had already elucidated what my concerns were.

I know who Martin Krafft is; I've seen him at a number of FOSDEM instances, and I've seen him last year in Helsinki, where I called him by his name (to which he reacted), and where literally hundreds of others did the same. Considering that, I don't need a government-issued ID to be sure that he is indeed who he claims to be. I suspect the same is true for many of the other Debian people there.

This is why they say that the plural of anecdote is not data. I am pretty sure I am not the only person at debconf6 for whom this was the first debconf. If the source of all our identity verification is a) a person says who he is, and b) presents a perhaps purchased off the internet doc saying the same thing, I am not sure _how_ one can have a trust relationship between a name and a fingerprint.

manoj -- Don't despair; your ideal lover is waiting for you around the corner. Manoj Srivastava [EMAIL PROTECTED] 1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C
Re: [Debconf-discuss] Re: Please revoke your signatures from Martin Kraff's keys
On 26 May 2006, Thiemo Seufer outgrape:

Keysigning isn't for judging behaviour but for confirming identity.

* Michael Meskes: This may be a silly question but doesn't my signature only state that I certify this key really belongs to the person it seems to belong to?

Exactly. It does not tell us anything about your views regarding that person or the purpose of the key itself.

But if official looking purchased identity documents are in play, no one can be sure of successfully performing an ID check.

manoj -- To be is to program. Calvin Keegan Manoj Srivastava [EMAIL PROTECTED] http://www.debian.org/%7Esrivasta/ 1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C
Re: [Debconf-discuss] Re: Please revoke your signatures from Martin Kraff's keys
Javier Fernández-Sanguino Peña wrote: On Thu, May 25, 2006 at 05:45:42PM -0700, Paul Johnson wrote: On Thursday 25 May 2006 15:26, Mike Hommey wrote: [snip]

[0] As long as he doesn't go and vote too, since the people in the voting table would notice that he has voted twice and probably would have to reject the whole voting box of that table (as they would be unable to find and remove the previous voters' vote).

Well that's an interesting way to cook an election...
Re: Please revoke your signatures from Martin Kraff's keys
Manoj Srivastava [EMAIL PROTECTED] writes: What would you suggest instead? Stop signing keys for Debian developers, since purchased ID's are acceptable in this community? ;) At this point, I am not sure what my stance is going to be.

What do you think we get by having the signed ID? What advantages accrue to Debian by having this check that someone's real name is what we think it is? I think it's a good thing, I agree with our practice, but I'm not sure what vast security hole is suddenly opened up here. If we found out that the person who has been a faithful and valuable developer, under the name Martin Krafft is not the real Martin Krafft, what should we do? Go find the real Martin Krafft and make him a developer?
Re: Please revoke your signatures from Martin Kraff's keys
On Friday 26 May 2006 07:06, Manoj Srivastava wrote: On 25 May 2006, Thomas Bushnell told this: Manoj Srivastava [EMAIL PROTECTED] writes: Based on this, I strongly suggest that mere signatures on a new maintainers key from a DD be also not enough, since people have now effectively proven how easily signatures may be obtained at a large KSP by just about anyone with money for a easily faked ID. What would you suggest instead? Stop signing keys for Debian developers, since purchased ID's are acceptable in this community?

That is a fact not in evidence with supplied information. As I gather, Martin was carrying a passport, his German ID and the quasi-fake Transnational Republic ID. If I had been presented with his TR ID, I would probably laugh and say, OK, now how about one from a real jurisdiction.

-- Paul Johnson Email and IM (XMPP Google Talk): [EMAIL PROTECTED] Jabber: Because it's time to move forward http://ursine.ca/Ursine:Jabber
Re: [Debconf-discuss] Re: Please revoke your signatures from Martin Kraff's keys
On 26 May 2006, Matt Zagrabelny spake thusly:

On Thu, 2006-05-25 at 16:16 -0500, Manoj Srivastava wrote:

Cracking is not a scientific study.

cracking may not be, but determining the average number of people who spot an unofficial id could be construed to be.

I can honestly state that that number is like 100%, based on some ID's I have seen created by people associated with my day job. I am not sure what an uncontrolled social engineering effort

Given that he acknowledges trying to dupe people, why do you think he is not lying about the contents of the ID?

He didn't try to dupe people and this claim is getting rather old.

He did dupe people --- into signing based on an unofficial document which can be purchased at will. And it is obvious that large KSP's have tired people, doing a repetitive task, and have a lot of people unfamiliar with key signing. The conclusion was foregone -- rarely do people have scientific studies belabouring the obvious.

again, the question (i believe) has to be: what is obvious? it seems, manoj, you are basing a large part of your argument on the fact that ksp are inherently insecure. but people are constantly testing the obvious things. can they be proved to be insecure? martin is supposed to accept (or know) the fact that ksp are insecure. (though they can't be *proved* to be)

*Sigh*, I guess I have to spell it out. Here it goes. There is a large international gathering, with only some people who knew other participants in the KSP. There were several nationalities represented, and the travel documents represented very different standards. Some were written in ink, some were ostensibly extended on a different page from the initial expiration date. In some, the language used for added notes was not a language that people would understand. This group of people also had some people who had never been outside the country, and had no passports. There was no common spoken language all participants were fluent in. English, while coming close, was not there. No one is familiar a priori with passports from all countries represented. Insistence on a passport would have eliminated people, and passports were not made a requirement before the signing party. There were 120 or so people present. The allocated time was two hours, and the KSP was conducted standing up. This means you have 50 seconds to juggle two sets of ID's, ask about fingerprints, md5sum of the file, and say hello. You did this for two hours, standing up, juggling ID's, pen, pieces of loose paper, and perhaps a bottle of water, since it was hot and conducted outside. You need *PROOF* that id checking was lax, man, your world view is weird.

this is an issue.

Precisemento.

there are countless things that cannot be proved. rsa crypto cannot be proved to be a good crypto, it just appears to be. many things we rely upon have no proof of being good, or right, or what we expect them to provide, we just accept them as they are; and with that we accept the risk of not knowing (for 100%) that things are as we expect them to be.

And in this pool of expectations of good faith, any gaming of the system needs to meet with strong disapproval. All I am saying.

manoj -- ..you could spend *all day* customizing the title bar. Believe me. I speak from experience. -- Matt Welsh Manoj Srivastava [EMAIL PROTECTED] http://www.debian.org/%7Esrivasta/ 1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C
Re: [Debconf-discuss] Re: Please revoke your signatures from Martin Kraff's keys
On Sat, 27 May 2006, Penny Leach wrote: struck me as a little bit silly. Penny is clearly short for Penelope.

Only if you are reasonably well acquainted with the English language and usual english names and nicknames.

Perhaps this was my bad when I made the key displayed a lack of foresight.

There is nothing stopping you from adding a new user-id with your full name and the same email address as you have in your Penny Leach user-id. In fact, I suggest you do so and add that user-id. People can choose which one to sign, they are not forced to sign all user-ids in a key...

-- One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie. -- The Silicon Valley Tarot Henrique Holschuh
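Two mechanics come up across this thread: Florian's point that a certification is not trust (each GnuPG user sets ownertrust locally, and marking a signer "never" drops that signer's certifications from the validity computation), and Henrique's point that certifications attach to individual user IDs, so a key with two user IDs can have one valid and one not. The following is an added illustration, not code from the thread or from GnuPG: a small re-implementation of the classic trust model's validity rule with GnuPG's default thresholds (marginals-needed 3, completes-needed 1), run over a constructed keyring with made-up key IDs and user IDs.

```python
from dataclasses import dataclass

# GnuPG classic-model defaults; both are per-user tunables, not properties of the keys.
MARGINALS_NEEDED = 3
COMPLETES_NEEDED = 1

# Constructed user IDs for the two-uid key in the scenario below.
NICK_UID = "Nick <nick@example.org>"
FULL_UID = "Nicholas Example <nick@example.org>"


@dataclass
class Key:
    keyid: str
    uids: list
    ownertrust: str = "unknown"   # unknown | never | marginal | full | ultimate (set locally)


@dataclass
class Cert:
    signer: str   # keyid of the certifying key
    target: str   # keyid of the certified key
    uid: str      # the one user ID this certification covers


def compute_validity(keys, certs):
    """Return {(keyid, uid): bool} following the classic GnuPG validity rule.

    A user ID is valid if its key is ultimately trusted, or if it carries
    certifications from *valid* keys adding up to COMPLETES_NEEDED 'full'
    signers or MARGINALS_NEEDED 'marginal' signers. Certifications from keys
    whose ownertrust is 'never' or 'unknown' count for nothing, and a signer
    only counts at all once one of its own user IDs has become valid.
    """
    valid = {(k.keyid, u): k.ownertrust == "ultimate"
             for k in keys.values() for u in k.uids}
    changed = True
    while changed:                      # iterate to a fixpoint as validity propagates
        changed = False
        for key in keys.values():
            for uid in key.uids:
                if valid[(key.keyid, uid)]:
                    continue
                full = marginal = 0
                counted = set()
                for c in certs:
                    if c.target != key.keyid or c.uid != uid:
                        continue
                    if c.signer in counted or c.signer not in keys:
                        continue        # duplicate cert or unknown signer
                    signer = keys[c.signer]
                    if not any(valid[(signer.keyid, su)] for su in signer.uids):
                        continue        # signer itself not (yet) valid
                    counted.add(c.signer)
                    if signer.ownertrust in ("full", "ultimate"):
                        full += 1
                    elif signer.ownertrust == "marginal":
                        marginal += 1
                if full >= COMPLETES_NEEDED or marginal >= MARGINALS_NEEDED:
                    valid[(key.keyid, uid)] = True
                    changed = True
    return valid


def ksp_scenario(distrust_alice=False):
    """Constructed keyring: I certified ALICE, BOB and CAROL myself; all three
    certified TARGET's short-name uid at a KSP, but only ALICE certified the
    full-name uid. distrust_alice=True models setting ALICE's ownertrust to
    'never' in my own trustdb, as Florian suggests for doubtful signers."""
    keys = {
        "ME":     Key("ME", ["Me <me@example.org>"], "ultimate"),
        "ALICE":  Key("ALICE", ["Alice <alice@example.org>"],
                      "never" if distrust_alice else "marginal"),
        "BOB":    Key("BOB", ["Bob <bob@example.org>"], "marginal"),
        "CAROL":  Key("CAROL", ["Carol <carol@example.org>"], "marginal"),
        "TARGET": Key("TARGET", [NICK_UID, FULL_UID]),
    }
    certs = [Cert("ME", k, keys[k].uids[0]) for k in ("ALICE", "BOB", "CAROL")]
    certs += [Cert(k, "TARGET", NICK_UID) for k in ("ALICE", "BOB", "CAROL")]
    certs.append(Cert("ALICE", "TARGET", FULL_UID))
    return compute_validity(keys, certs)


if __name__ == "__main__":
    for label, v in (("default", ksp_scenario()), ("alice=never", ksp_scenario(True))):
        print(label, "nick uid:", v[("TARGET", NICK_UID)], "full uid:", v[("TARGET", FULL_UID)])
```

Note that ALICE's own user ID stays valid in both runs: ownertrust changes what her certifications are worth to me, not whether I believe her key is hers.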