On Wed, Jun 07, 2006 at 01:22:56AM +0100, Wookey wrote:
I have no idea what it would take to persuade you that I am who I say I am,
but if you _only_ accept National Passports then it would appear to be
impossible in my case (which I realise is something of a corner-case).
I would probably
On Sun, May 28, 2006 at 08:57:55PM -0700, Thomas Bushnell BSG wrote:
If I were to crack a key signing party, using Bubba's travel
documents, I too would swear up and down the street that he indeed
correctly and diligently verified all kinds of _other_ government
ID's when
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Sat, 27 May 2006 16:21:22 -0700
Paul Johnson [EMAIL PROTECTED] wrote:
On Saturday 27 May 2006 16:12, Ron Johnson wrote:
Paul Johnson wrote:
On Saturday 27 May 2006 14:12, Steinar H. Gunderson wrote:
On Sat, May 27, 2006 at 01:54:03PM
Steve Langasek [EMAIL PROTECTED] writes:
On Sun, May 28, 2006 at 08:57:55PM -0700, Thomas Bushnell BSG wrote:
If I were to crack a key signing party, using Bubba's travel
documents, I too would swear up and down the street that he indeed
correctly and diligently verified all
On Sat, May 27, 2006 at 04:47:20PM -0500, martin f krafft wrote:
The Debian project heavily relies on keysigning for much of its
work. However, I think the question what the signing of a key
actually accomplishes has not been properly addressed. In my
opinion, from the point of view of the
Quoting Andreas Barth ([EMAIL PROTECTED]):
I know that Peter Palfrader (weasel) submits sometimes a clear fake key
to KSPs and looks for people signing it. (No, there is nobody there who
claims to be that person. Only the key on the list.)
For future reference, I personnally dislike people
Hi,
First of all, my name is Martin Felix Krafft (with a final 't'), and
my GPG key ID is 0x330c4a75. The unofficial ID I presented listed
that name (without the middle name), a photo is available from [1]
(sorry, can't do better now). Thus, the ID card is an unofficial
card, but the
Junichi Uekawa [EMAIL PROTECTED] wrote:
This has opened a can of worms; because your transnational ID was as
official as it could get. Most of us do not know what other countries
consider to be official, and it's more of an intent and goodwill
rather than scientific or legally binding
Junichi Uekawa [EMAIL PROTECTED] writes:
This has opened a can of worms; because your transnational ID was as
official as it could get. Most of us do not know what other countries
consider to be official, and it's more of an intent and goodwill
rather than scientific or legally binding
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Fri, 26 May 2006 16:24:27 -0700
Paul Johnson [EMAIL PROTECTED] wrote:
On Friday 26 May 2006 15:20, Ron Johnson wrote:
Javier Fernández-Sanguino Peña wrote:
On Thu, May 25, 2006 at 05:45:42PM -0700, Paul Johnson wrote:
On Thursday 25 May
Javier Fernández-Sanguino Peña wrote:
On Thu, May 25, 2006 at 05:30:23PM +0200, Luca Capello wrote:
FYI, Martin's explanation is at [1], which passed on Planet Debian.
Thx, bye,
Gismo / Luca
[1] http://blog.madduck.net/geek/2006.05.24-tr-id-at-keysigning
FWIW, I noted down those
On Fri, May 26, 2006 at 03:09:04PM +0200, Filippo Giunchedi wrote:
On Thu, May 25, 2006 at 08:00:23PM +0200, Javier Fernández-Sanguino Peña
wrote:
FWIW, I noted down those keys I would *not* sign and didn't tell the people
at the KSP that I would not sign them. I guess his experiment only
On Fri, May 26, 2006 at 05:20:59PM -0500, Ron Johnson wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Javier Fernández-Sanguino Peña wrote:
On Thu, May 25, 2006 at 05:45:42PM -0700, Paul Johnson wrote:
On Thursday 25 May 2006 15:26, Mike Hommey wrote:
[snip]
[0] As long as he
On Sat, May 27, 2006 at 04:04:33PM +0200, Moritz Muehlenhoff wrote:
That being said I (personally) already decided not to sign people that
showed
me something that was *not* a passport and noted that in my KSP paper page
through it. Unfortunately, I'm not confindent in my ability to
On Fri, May 26, 2006 at 04:54:19PM +0200, Javier Fernández-Sanguino Peña wrote:
On Thu, May 25, 2006 at 05:45:42PM -0700, Paul Johnson wrote:
On Thursday 25 May 2006 15:26, Mike Hommey wrote:
I'm pretty sure we can find official IDs that look so lame that you'd think
it's a fake
Also worth
On Saturday 27 May 2006 06:17, Jacob S wrote:
Oregon abolished the voting booth in 2000: Election Day is
actually the last election day of six consecutive weeks we can vote
(beat that and your wussy six hours, America!), and we vote at home.
You have your option of mailing or handing in
On Sat, May 27, 2006 at 01:54:03PM -0700, Paul Johnson wrote:
Oregon abolished the voting booth in 2000
Oh, so they get better counts and less fraud by doing away with ballot
secrecy. How wonderful.
No, that's not how it works, your ballot is still secret. Think about it for
a minute. You
On Saturday 27 May 2006 14:12, Steinar H. Gunderson wrote:
On Sat, May 27, 2006 at 01:54:03PM -0700, Paul Johnson wrote:
Oregon abolished the voting booth in 2000
Oh, so they get better counts and less fraud by doing away with ballot
secrecy. How wonderful.
No, that's not how it
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Paul Johnson wrote:
On Saturday 27 May 2006 14:12, Steinar H. Gunderson wrote:
On Sat, May 27, 2006 at 01:54:03PM -0700, Paul Johnson wrote:
Oregon abolished the voting booth in 2000
Oh, so they get better counts and less fraud by doing away with
On Sat, May 27, 2006 at 03:41:58PM -0700, Paul Johnson wrote:
On Saturday 27 May 2006 14:12, Steinar H. Gunderson wrote:
On Sat, May 27, 2006 at 01:54:03PM -0700, Paul Johnson wrote:
Oregon abolished the voting booth in 2000
Oh, so they get better counts and less fraud by doing away with
On Saturday 27 May 2006 16:12, Ron Johnson wrote:
Paul Johnson wrote:
On Saturday 27 May 2006 14:12, Steinar H. Gunderson wrote:
On Sat, May 27, 2006 at 01:54:03PM -0700, Paul Johnson wrote:
Oregon abolished the voting booth in 2000
Oh, so they get better counts and less fraud by doing
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Paul Johnson wrote:
On Saturday 27 May 2006 16:12, Ron Johnson wrote:
Paul Johnson wrote:
On Saturday 27 May 2006 14:12, Steinar H. Gunderson wrote:
On Sat, May 27, 2006 at 01:54:03PM -0700, Paul Johnson wrote:
Oregon abolished the voting booth
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Steve Langasek wrote:
On Sat, May 27, 2006 at 03:41:58PM -0700, Paul Johnson wrote:
On Saturday 27 May 2006 14:12, Steinar H. Gunderson wrote:
On Sat, May 27, 2006 at 01:54:03PM -0700, Paul Johnson wrote:
Oregon abolished the voting booth in 2000
On 25 May 2006, Stephen Frost verbalised:
* Manoj Srivastava ([EMAIL PROTECTED]) wrote:
Explanation? What we have here is an act of bad faith, in the guise
of demonstrating a weakness. In my experience, one act of bad faith
often leads to others.
pffft. This is taking it to an extreme. He
* Manoj Srivastava ([EMAIL PROTECTED]) wrote:
On 25 May 2006, Stephen Frost spake thusly:
I wasn't making any claim as to the general validity of IDs which
are purchased and I'm rather annoyed that you attempted to
extrapolate it out to such. What I said is that he wasn't trying to
fake
My memory is horrible, but IIRC James Troup (ie, our keymaster..) did
some similar study at the DebConf5 KSP and ended up with a list of
people whose GPG signtures he didn't trust anymore because of whatever
trick they fell for.
This thread seems entirely blown out of porportion.
--
see shy jo
On Thu, May 25, 2006 at 04:08:31PM -0400, Stephen Frost wrote:
He didn't try to dupe people and this claim is getting rather old.
Duping people would have actually been putting false information on the
ID and generating a fake key and trying to get someone to sign off on
the fake key based on
On 25 May 2006, Andreas Tille spake thusly:
On Thu, 25 May 2006, Manoj Srivastava wrote:
It has come to my attention that Martin Kraff used an
unofficial, and easily forge-able, identity device at a large key
Is there any reason to revoke my signature I have put on
Martin's key after he
On Thu, May 25, 2006 at 02:12:25PM -0500, Manoj Srivastava wrote:
On 25 May 2006, Stephen Frost spake thusly:
pffft. This is taking it to an extreme. He wasn't trying to fake
who he was, it just wasn't an ID issued by a generally recognized
government (or perhaps not a government at all,
On Thu, May 25, 2006 at 02:12:25PM -0500, Manoj Srivastava wrote:
He has already bragged about how he cracked the KSP by
presenting an unofficial ID which he bought -- an action designed to
show the weakness of signing parties. So, this was a bad faith act,
since the action was not
* Joey Hess ([EMAIL PROTECTED]) [060526 10:17]:
My memory is horrible, but IIRC James Troup (ie, our keymaster..) did
some similar study at the DebConf5 KSP and ended up with a list of
people whose GPG signtures he didn't trust anymore because of whatever
trick they fell for.
I know that
On Thursday 25 May 2006 15:26, Mike Hommey wrote:
On Thu, May 25, 2006 at 04:16:24PM -0500, Manoj Srivastava
[EMAIL PROTECTED] wrote:
The KSP was cracked, People signed a key without ever looking
at proper, official ID. You can try and save face by calling it
whatever you want,
James Troup wrote:
My key was part of the DC4 KSP materials, but I didn't manage to
attend in the end. A couple of people signed my key despite my lack
of attendance and one of them an NM applicant, IIRC. Again from
memory, Martin talked to the NM in question who was very apologetic,
Manoj Srivastava wrote:
On 25 May 2006, Stephen Frost verbalised:
* Manoj Srivastava ([EMAIL PROTECTED]) wrote:
Explanation? What we have here is an act of bad faith, in the guise
of demonstrating a weakness. In my experience, one act of bad faith
often leads to others.
pffft. This
Javier Fernández-Sanguino Peña wrote:
and not showing any passports or showing passports:
[...]
- which did not had the *same* spelling as the name in the key (letter by
letter)
will not get a signature from me.
While you're obviously free to set your own standards as to whose keys
Manoj Srivastava [EMAIL PROTECTED] wrote:
On 25 May 2006, Stephen Frost verbalised:
* Manoj Srivastava ([EMAIL PROTECTED]) wrote:
Explanation? What we have here is an act of bad faith, in the guise
of demonstrating a weakness. In my experience, one act of bad faith
often leads to others.
On Thu, May 25, 2006 at 04:30:07PM -0500, Manoj Srivastava wrote:
On 25 May 2006, Andreas Tille spake thusly:
Is there any reason to revoke my signature I have put on
Martin's key after he showed me his passport?
In my opinion, yes, if you consider subverting the KSP like
that
Manoj Srivastava wrote:
On 25 May 2006, Andreas Tille spake thusly:
On Thu, 25 May 2006, Manoj Srivastava wrote:
It has come to my attention that Martin Kraff used an
unofficial, and easily forge-able, identity device at a large key
Is there any reason to revoke my signature I have
On Thu, 2006-05-25 at 16:16 -0500, Manoj Srivastava wrote:
On 25 May 2006, Stephen Frost spake thusly:
* Manoj Srivastava ([EMAIL PROTECTED]) wrote:
On 25 May 2006, Stephen Frost spake thusly:
I wasn't making any claim as to the general validity of IDs which
are purchased and I'm rather
On Fri, May 26, 2006 at 11:06:31AM -0500, Manoj Srivastava wrote:
On 26 May 2006, Thiemo Seufer outgrape:
Keysigning isn't for judging behaviour but for confirming identity.
* Michael Meskes:
This may be a silly question but doesn't my signature only state
that I certify this key
On Thu, May 25, 2006 at 08:00:23PM +0200, Javier Fernández-Sanguino Peña wrote:
FWIW, I noted down those keys I would *not* sign and didn't tell the people
at the KSP that I would not sign them. I guess his experiment only one in
ten said that they would *not* sign it is moot unless he backs it
On 5/26/06, Tollef Fog Heen [EMAIL PROTECTED] wrote:
While you're obviously free to set your own standards as to whose keysyou sign and not, I have come to the conclusion that the exact samespelling requirement doesn't make that much sense.As an example, take
Bdale whose real name isn't Bdale, but
On Thu, May 25, 2006 at 05:45:42PM -0700, Paul Johnson wrote:
On Thursday 25 May 2006 15:26, Mike Hommey wrote:
I'm pretty sure we can find official IDs that look so lame that you'd think
it's a fake (the old french ones could be good example, and i know people
who still use that as an
On Fri, May 26, 2006 at 09:52:48AM +0200, Tollef Fog Heen wrote:
Javier Fernández-Sanguino Peña wrote:
and not showing any passports or showing passports:
[...]
- which did not had the *same* spelling as the name in the key (letter by
letter)
will not get a signature from me.
On Fri, May 26, 2006 at 11:57:09AM +0200, Michael Meskes wrote:
On Thu, May 25, 2006 at 04:30:07PM -0500, Manoj Srivastava wrote:
On 25 May 2006, Andreas Tille spake thusly:
Is there any reason to revoke my signature I have put on
Martin's key after he showed me his passport?
* Michael Meskes:
This may be a silly question but doesn't my signature only state that I
certify this key really belongs to the person it seems to belong to?
Exactly. It does not tell us anything about your views regarding that
person or the purpose of the key itself.
--
To UNSUBSCRIBE,
On 26 May 2006, Wouter Verhelst told this:
On Fri, May 26, 2006 at 11:57:09AM +0200, Michael Meskes wrote:
This may be a silly question but doesn't my signature only state
that I certify this key really belongs to the person it seems to
belong to?
That aside, personally, I don't know what
On 26 May 2006, Thiemo Seufer outgrape:
Keysigning isn't for judging behaviour but for confirming identity.
* Michael Meskes:
This may be a silly question but doesn't my signature only state
that I certify this key really belongs to the person it seems to
belong to?
Exactly. It does not
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Javier Fernández-Sanguino Peña wrote:
On Thu, May 25, 2006 at 05:45:42PM -0700, Paul Johnson wrote:
On Thursday 25 May 2006 15:26, Mike Hommey wrote:
[snip]
[0] As long as he doesn't go and vote too, since the people in the voting
table
would
On 26 May 2006, Matt Zagrabelny spake thusly:
On Thu, 2006-05-25 at 16:16 -0500, Manoj Srivastava wrote:
Cracking is not a scientific study.
cracking may not be, but determining the average number of people
who spot an unofficial id could be construed to be.
I can honestly state
On Sat, 27 May 2006, Penny Leach wrote:
struck me as a little bit silly. Penny is clearly short for Penelope.
Only if you are reasonably well acquinted with the English language and
usual english names and nicknames.
Perhaps this was my bad when I made the key displayed a lack of foresight.
[EMAIL PROTECTED] dijo [Fri, May 26, 2006 at 10:34:50AM -0500]:
know who Martin Krafft is; I've seen him at a number of FOSDEM
instances, and I've seen him last year in Helsinki, where I called
him by his name (to which he reacted), and where literally hundreds
of others did the same.
On 5/27/06, Henrique de Moraes Holschuh [EMAIL PROTECTED] wrote:
Only if you are reasonably well acquinted with the English language andusual english names and nicknames.This is true. One of the people at Debconf 5 I was thinking of, whose name I absolutely have no idea of anymore, was either a
On Sat, May 27, 2006 at 07:15:53AM +1200, Penny Leach wrote:
On 5/26/06, Tollef Fog Heen [EMAIL PROTECTED] wrote:
While you're obviously free to set your own standards as to whose keys
you sign and not, I have come to the conclusion that the exact same
spelling requirement doesn't make that
Penny Leach wrote:
Penny is clearly short for Penelope.
No, it is not _clear_. I don't have to know what are the short names
for almost any name around. I'm also confused with names in German
(correct me if wrong, please) containing, for example 'ö' and being
displayed as 'oe', or some of the
On Friday 26 May 2006 15:20, Ron Johnson wrote:
Javier Fernández-Sanguino Peña wrote:
On Thu, May 25, 2006 at 05:45:42PM -0700, Paul Johnson wrote:
On Thursday 25 May 2006 15:26, Mike Hommey wrote:
[snip]
[0] As long as he doesn't go and vote too, since the people in the voting
table
* Manoj Srivastava ([EMAIL PROTECTED]) wrote:
Explanation? What we have here is an act of bad faith, in the
guise of demonstrating a weakness. In my experience, one act of bad
faith often leads to others.
pffft. This is taking it to an extreme. He wasn't trying to fake who
he was,
* Stephen Frost ([EMAIL PROTECTED]) wrote:
* Manoj Srivastava ([EMAIL PROTECTED]) wrote:
On 25 May 2006, Stephen Frost verbalised:
* Manoj Srivastava ([EMAIL PROTECTED]) wrote:
Explanation? What we have here is an act of bad faith, in the guise
of demonstrating a weakness. In my
On 25 May 2006, Stephen Frost spake thusly:
* Manoj Srivastava ([EMAIL PROTECTED]) wrote:
On 25 May 2006, Stephen Frost spake thusly:
I wasn't making any claim as to the general validity of IDs which
are purchased and I'm rather annoyed that you attempted to
extrapolate it out to such. What
On Thu, May 25, 2006 at 04:16:24PM -0500, Manoj Srivastava [EMAIL PROTECTED]
wrote:
The KSP was cracked, People signed a key without ever looking
at proper, official ID. You can try and save face by calling it
whatever you want, but that does not change the reality.
Manoj, how do
Joey Hess [EMAIL PROTECTED] writes:
My memory is horrible, but IIRC James Troup (ie, our keymaster..) did
some similar study at the DebConf5 KSP and ended up with a list of
people whose GPG signtures he didn't trust anymore because of whatever
trick they fell for.
Err, for the record, no I
On 25 May 2006, Stephen Frost spake thusly:
* Manoj Srivastava ([EMAIL PROTECTED]) wrote:
On 25 May 2006, Stephen Frost verbalised:
* Manoj Srivastava ([EMAIL PROTECTED]) wrote:
Explanation? What we have here is an act of bad faith, in the
guise of demonstrating a weakness. In my experience,
On 25 May 2006, Luca Capello uttered the following:
Hello!
On Thu, 25 May 2006 15:39:44 +0200, Henrique de Moraes Holschuh wrote:
On Thu, 25 May 2006, Manoj Srivastava wrote:
It has come to my attention that Martin Kraff used an
unofficial, and easily forge-able, identity device at a large
* Manoj Srivastava ([EMAIL PROTECTED]) wrote:
On 25 May 2006, Stephen Frost verbalised:
* Manoj Srivastava ([EMAIL PROTECTED]) wrote:
Explanation? What we have here is an act of bad faith, in the guise
of demonstrating a weakness. In my experience, one act of bad faith
often leads to
On Thu, May 25, 2006 at 05:30:23PM +0200, Luca Capello wrote:
FYI, Martin's explanation is at [1], which passed on Planet Debian.
Thx, bye,
Gismo / Luca
[1] http://blog.madduck.net/geek/2006.05.24-tr-id-at-keysigning
FWIW, I noted down those keys I would *not* sign and didn't tell the
Hello!
On Thu, 25 May 2006 15:39:44 +0200, Henrique de Moraes Holschuh wrote:
On Thu, 25 May 2006, Manoj Srivastava wrote:
It has come to my attention that Martin Kraff used an
unofficial, and easily forge-able, identity device at a large key
[...]
Should you not have *signed* a
I think two related, but seperate, issues are being conflated in this
discussion.
The first is the identity of the person you are talking to at a key
signing event. This is, and always has been, the weakest point of the
affair. It is reasonably trivial to forge reasonable looking government
67 matches
Mail list logo
