On Wed, Jun 07, 2006 at 01:22:56AM +0100, Wookey wrote:
> I have no idea what it would take to persuade you that I am who I say I am,
> but if you _only_ accept National Passports then it would appear to be
> impossible in my case (which I realise is something of a corner-case).
I would probably n
Steve Langasek <[EMAIL PROTECTED]> writes:
> On Sun, May 28, 2006 at 08:57:55PM -0700, Thomas Bushnell BSG wrote:
>
>> > If I were to crack a key signing party, using Bubba's travel
>> > documents, I too would swear up and down the street that he indeed
>> > correctly and diligently veri
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Sat, 27 May 2006 16:21:22 -0700
Paul Johnson <[EMAIL PROTECTED]> wrote:
> On Saturday 27 May 2006 16:12, Ron Johnson wrote:
> > Paul Johnson wrote:
> > > On Saturday 27 May 2006 14:12, Steinar H. Gunderson wrote:
> > >> On Sat, May 27, 2006 at 01:5
On Sun, May 28, 2006 at 08:57:55PM -0700, Thomas Bushnell BSG wrote:
> > If I were to crack a key signing party, using Bubba's travel
> > documents, I too would swear up and down the street that he indeed
> > correctly and diligently verified all kinds of _other_ government
> > ID's whe
Junichi Uekawa <[EMAIL PROTECTED]> writes:
> This has opened a can of worms; because your transnational ID was as
> official as it could get. Most of us do not know what other countries
> consider to be official, and it's more of an intent and goodwill
> rather than scientific or legally binding o
Junichi Uekawa <[EMAIL PROTECTED]> wrote:
> This has opened a can of worms; because your transnational ID was as
> official as it could get. Most of us do not know what other countries
> consider to be official, and it's more of an intent and goodwill
> rather than scientific or legally binding of
Hi,
> First of all, my name is Martin Felix Krafft (with a final 't'), and
> my GPG key ID is 0x330c4a75. The unofficial ID I presented listed
> that name (without the middle name), a photo is available from [1]
> (sorry, can't do better now). Thus, the ID card is an unofficial
> card, but the ide
Quoting Andreas Barth ([EMAIL PROTECTED]):
> I know that Peter Palfrader (weasel) submits sometimes a clear fake key
> to KSPs and looks for people signing it. (No, there is nobody there who
> claims to be that person. Only the key on the list.)
For future reference, I personnally dislike people
On Sat, May 27, 2006 at 04:47:20PM -0500, martin f krafft wrote:
> The Debian project heavily relies on keysigning for much of its
> work. However, I think the question what the signing of a key
> actually accomplishes has not been properly addressed. In my
> opinion, from the point of view of the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Steve Langasek wrote:
> On Sat, May 27, 2006 at 03:41:58PM -0700, Paul Johnson wrote:
>> On Saturday 27 May 2006 14:12, Steinar H. Gunderson wrote:
>>> On Sat, May 27, 2006 at 01:54:03PM -0700, Paul Johnson wrote:
>> Oregon abolished the voting boo
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Paul Johnson wrote:
> On Saturday 27 May 2006 16:12, Ron Johnson wrote:
>> Paul Johnson wrote:
>>> On Saturday 27 May 2006 14:12, Steinar H. Gunderson wrote:
On Sat, May 27, 2006 at 01:54:03PM -0700, Paul Johnson wrote:
>>> Oregon abolished th
On Saturday 27 May 2006 16:12, Ron Johnson wrote:
> Paul Johnson wrote:
> > On Saturday 27 May 2006 14:12, Steinar H. Gunderson wrote:
> >> On Sat, May 27, 2006 at 01:54:03PM -0700, Paul Johnson wrote:
> > Oregon abolished the voting booth in 2000
>
> Oh, so they get better counts and
On Sat, May 27, 2006 at 03:41:58PM -0700, Paul Johnson wrote:
> On Saturday 27 May 2006 14:12, Steinar H. Gunderson wrote:
> > On Sat, May 27, 2006 at 01:54:03PM -0700, Paul Johnson wrote:
> > >>> Oregon abolished the voting booth in 2000
> > >> Oh, so they get better counts and less fraud by doin
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Paul Johnson wrote:
> On Saturday 27 May 2006 14:12, Steinar H. Gunderson wrote:
>> On Sat, May 27, 2006 at 01:54:03PM -0700, Paul Johnson wrote:
> Oregon abolished the voting booth in 2000
Oh, so they get better counts and less fraud by doing
On Saturday 27 May 2006 14:12, Steinar H. Gunderson wrote:
> On Sat, May 27, 2006 at 01:54:03PM -0700, Paul Johnson wrote:
> >>> Oregon abolished the voting booth in 2000
> >>
> >> Oh, so they get better counts and less fraud by doing away with ballot
> >> secrecy. How wonderful.
> >
> > No, that's
On Sat, May 27, 2006 at 01:54:03PM -0700, Paul Johnson wrote:
>>> Oregon abolished the voting booth in 2000
>> Oh, so they get better counts and less fraud by doing away with ballot
>> secrecy. How wonderful.
> No, that's not how it works, your ballot is still secret. Think about it for
> a minut
On Saturday 27 May 2006 06:17, Jacob S wrote:
> > Oregon abolished the voting booth in 2000: "Election Day" is
> > actually the last election day of six consecutive weeks we can vote
> > (beat that and your wussy six hours, America!), and we vote at home.
> > You have your option of mailing or ha
On Fri, May 26, 2006 at 04:54:19PM +0200, Javier Fernández-Sanguino Peña wrote:
> On Thu, May 25, 2006 at 05:45:42PM -0700, Paul Johnson wrote:
>> On Thursday 25 May 2006 15:26, Mike Hommey wrote:
>>> I'm pretty sure we can find official IDs that look so lame that you'd think
>>> it's a fake
> Al
On Sat, May 27, 2006 at 04:04:33PM +0200, Moritz Muehlenhoff wrote:
> > That being said I (personally) already decided not to sign people that
> > showed
> > me something that was *not* a passport and noted that in my KSP paper page
> > through it. Unfortunately, I'm not confindent in my ability t
On Fri, May 26, 2006 at 05:20:59PM -0500, Ron Johnson wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Javier Fernández-Sanguino Peña wrote:
> > On Thu, May 25, 2006 at 05:45:42PM -0700, Paul Johnson wrote:
> >> On Thursday 25 May 2006 15:26, Mike Hommey wrote:
> [snip]
> > [0] As long
On Fri, May 26, 2006 at 03:09:04PM +0200, Filippo Giunchedi wrote:
> On Thu, May 25, 2006 at 08:00:23PM +0200, Javier Fernández-Sanguino Peña
> wrote:
> > FWIW, I noted down those keys I would *not* sign and didn't tell the people
> > at the KSP that I would not sign them. I guess his experiment "
Javier Fernández-Sanguino Peña wrote:
> On Thu, May 25, 2006 at 05:30:23PM +0200, Luca Capello wrote:
> > FYI, Martin's explanation is at [1], which passed on Planet Debian.
> >
> > Thx, bye,
> > Gismo / Luca
> >
> > [1] http://blog.madduck.net/geek/2006.05.24-tr-id-at-keysigning
>
> FWIW, I not
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Fri, 26 May 2006 16:24:27 -0700
Paul Johnson <[EMAIL PROTECTED]> wrote:
> On Friday 26 May 2006 15:20, Ron Johnson wrote:
> > Javier Fernández-Sanguino Peña wrote:
> > > On Thu, May 25, 2006 at 05:45:42PM -0700, Paul Johnson wrote:
> > >> On Thursd
On Friday 26 May 2006 15:20, Ron Johnson wrote:
> Javier Fernández-Sanguino Peña wrote:
> > On Thu, May 25, 2006 at 05:45:42PM -0700, Paul Johnson wrote:
> >> On Thursday 25 May 2006 15:26, Mike Hommey wrote:
>
> [snip]
>
> > [0] As long as he doesn't go and vote too, since the people in the voting
Penny Leach wrote:
>Penny is clearly short for Penelope.
No, it is not _clear_. I don't have to know what are the short names
for almost any name around. I'm also confused with names in German
(correct me if wrong, please) containing, for example 'ö' and being
displayed as 'oe', or some of the
On Sat, May 27, 2006 at 07:15:53AM +1200, Penny Leach wrote:
> On 5/26/06, Tollef Fog Heen <[EMAIL PROTECTED]> wrote:
> While you're obviously free to set your own standards as to whose keys
> >you sign and not, I have come to the conclusion that the "exact same
> >spelling" requirement doesn't ma
On 5/27/06, Henrique de Moraes Holschuh <[EMAIL PROTECTED]> wrote:
Only if you are reasonably well acquinted with the English language andusual english names and nicknames.This is true. One of the people at Debconf 5 I was thinking of, whose name I absolutely have no idea of anymore, was either a n
[EMAIL PROTECTED] dijo [Fri, May 26, 2006 at 10:34:50AM -0500]:
> > know who Martin Krafft is; I've seen him at a number of FOSDEM
> > instances, and I've seen him last year in Helsinki, where I called
> > him by his name (to which he reacted), and where literally hundreds
> > of others did the sam
On Sat, 27 May 2006, Penny Leach wrote:
> struck me as a little bit silly. Penny is clearly short for Penelope.
Only if you are reasonably well acquinted with the English language and
usual english names and nicknames.
> Perhaps this was my bad when I made the key & displayed a lack of foresight.
On 26 May 2006, Matt Zagrabelny spake thusly:
> On Thu, 2006-05-25 at 16:16 -0500, Manoj Srivastava wrote:
>> Cracking is not a scientific study.
>
> cracking may not be, but determining the average number of people
> who spot an unofficial id could be construed to be.
I can honestly stat
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Javier Fernández-Sanguino Peña wrote:
> On Thu, May 25, 2006 at 05:45:42PM -0700, Paul Johnson wrote:
>> On Thursday 25 May 2006 15:26, Mike Hommey wrote:
[snip]
> [0] As long as he doesn't go and vote too, since the people in the voting
> table
> wou
On 26 May 2006, Thiemo Seufer outgrape:
> Keysigning isn't for judging behaviour but for confirming identity.
> * Michael Meskes:
>
>> This may be a silly question but doesn't my signature only state
>> that I certify this key really belongs to the person it seems to
>> belong to?
>
> Exactly. It
On 26 May 2006, Wouter Verhelst told this:
> On Fri, May 26, 2006 at 11:57:09AM +0200, Michael Meskes wrote:
>> This may be a silly question but doesn't my signature only state
>> that I certify this key really belongs to the person it seems to
>> belong to?
>
> That aside, personally, I don't kno
* Michael Meskes:
> This may be a silly question but doesn't my signature only state that I
> certify this key really belongs to the person it seems to belong to?
Exactly. It does not tell us anything about your views regarding that
person or the purpose of the key itself.
--
To UNSUBSCRIBE,
On Fri, May 26, 2006 at 11:57:09AM +0200, Michael Meskes wrote:
> On Thu, May 25, 2006 at 04:30:07PM -0500, Manoj Srivastava wrote:
> > On 25 May 2006, Andreas Tille spake thusly:
> > > Is there any reason to revoke my signature I have put on
> > > Martin's key after he showed me his passport?
> >
On Fri, May 26, 2006 at 09:52:48AM +0200, Tollef Fog Heen wrote:
> Javier Fernández-Sanguino Peña wrote:
>
> >and not showing any passports or showing passports:
>
> [...]
>
> >- which did not had the *same* spelling as the name in the key (letter by
> > letter)
> >
> >will not get a signature
On Thu, May 25, 2006 at 05:45:42PM -0700, Paul Johnson wrote:
> On Thursday 25 May 2006 15:26, Mike Hommey wrote:
> >
> > I'm pretty sure we can find official IDs that look so lame that you'd think
> > it's a fake (the old french ones could be good example, and i know people
> > who still use that
On 5/26/06, Tollef Fog Heen <[EMAIL PROTECTED]> wrote:
While you're obviously free to set your own standards as to whose keysyou sign and not, I have come to the conclusion that the "exact samespelling" requirement doesn't make that much sense. As an example, take
Bdale whose real name isn't Bdale
On Thu, May 25, 2006 at 08:00:23PM +0200, Javier Fernández-Sanguino Peña wrote:
> FWIW, I noted down those keys I would *not* sign and didn't tell the people
> at the KSP that I would not sign them. I guess his experiment "only one in
> ten said that they would *not* sign it" is moot unless he back
On Fri, May 26, 2006 at 11:06:31AM -0500, Manoj Srivastava wrote:
> On 26 May 2006, Thiemo Seufer outgrape:
>
> > Keysigning isn't for judging behaviour but for confirming identity.
> > * Michael Meskes:
> >
> >> This may be a silly question but doesn't my signature only state
> >> that I certify
On Thu, 2006-05-25 at 16:16 -0500, Manoj Srivastava wrote:
> On 25 May 2006, Stephen Frost spake thusly:
>
> > * Manoj Srivastava ([EMAIL PROTECTED]) wrote:
> >> On 25 May 2006, Stephen Frost spake thusly:
> >>> I wasn't making any claim as to the general validity of IDs which
> >>> are purchased
Manoj Srivastava wrote:
> On 25 May 2006, Andreas Tille spake thusly:
>
> > On Thu, 25 May 2006, Manoj Srivastava wrote:
> >
> >> It has come to my attention that Martin Kraff used an
> >> unofficial, and easily forge-able, identity device at a large key
> >
> > Is there any reason to revoke my si
On Thu, May 25, 2006 at 04:30:07PM -0500, Manoj Srivastava wrote:
> On 25 May 2006, Andreas Tille spake thusly:
> > Is there any reason to revoke my signature I have put on
> > Martin's key after he showed me his passport?
>
> In my opinion, yes, if you consider subverting the KSP like
>
Manoj Srivastava <[EMAIL PROTECTED]> wrote:
> On 25 May 2006, Stephen Frost verbalised:
>
>> * Manoj Srivastava ([EMAIL PROTECTED]) wrote:
>>> Explanation? What we have here is an act of bad faith, in the guise
>>> of demonstrating a weakness. In my experience, one act of bad faith
>>> often leads
Javier Fernández-Sanguino Peña wrote:
and not showing any passports or showing passports:
[...]
- which did not had the *same* spelling as the name in the key (letter by
letter)
will not get a signature from me.
While you're obviously free to set your own standards as to whose keys
yo
Manoj Srivastava wrote:
> On 25 May 2006, Stephen Frost verbalised:
>
> > * Manoj Srivastava ([EMAIL PROTECTED]) wrote:
> >> Explanation? What we have here is an act of bad faith, in the guise
> >> of demonstrating a weakness. In my experience, one act of bad faith
> >> often leads to others.
> >
James Troup wrote:
> My key was part of the DC4 KSP materials, but I didn't manage to
> attend in the end. A couple of people signed my key despite my lack
> of attendance and one of them an NM applicant, IIRC. Again from
> memory, Martin talked to the NM in question who was very apologetic,
> cl
On Thursday 25 May 2006 15:26, Mike Hommey wrote:
> On Thu, May 25, 2006 at 04:16:24PM -0500, Manoj Srivastava
<[EMAIL PROTECTED]> wrote:
> > The KSP was cracked, People signed a key without ever looking
> > at proper, official ID. You can try and save face by calling it
> > whatever yo
* Joey Hess ([EMAIL PROTECTED]) [060526 10:17]:
> My memory is horrible, but IIRC James Troup (ie, our keymaster..) did
> some similar study at the DebConf5 KSP and ended up with a list of
> people whose GPG signtures he didn't trust anymore because of whatever
> trick they fell for.
I know that P
On Thu, May 25, 2006 at 02:12:25PM -0500, Manoj Srivastava wrote:
> He has already bragged about how he cracked the KSP by
> presenting an unofficial ID which he bought -- an action designed to
> show the weakness of signing parties. So, this was a bad faith act,
> since the action was
On Thu, May 25, 2006 at 02:12:25PM -0500, Manoj Srivastava wrote:
> On 25 May 2006, Stephen Frost spake thusly:
> >>> pffft. This is taking it to an extreme. He wasn't trying to fake
> >>> who he was, it just wasn't an ID issued by a generally recognized
> >>> government (or perhaps not a govern
On 25 May 2006, Andreas Tille spake thusly:
> On Thu, 25 May 2006, Manoj Srivastava wrote:
>
>> It has come to my attention that Martin Kraff used an
>> unofficial, and easily forge-able, identity device at a large key
>
> Is there any reason to revoke my signature I have put on
> Martin's key aft
On Thu, May 25, 2006 at 04:08:31PM -0400, Stephen Frost wrote:
> He didn't try to dupe people and this claim is getting rather old.
> Duping people would have actually been putting false information on the
> ID and generating a fake key and trying to get someone to sign off on
> the fake key based
My memory is horrible, but IIRC James Troup (ie, our keymaster..) did
some similar study at the DebConf5 KSP and ended up with a list of
people whose GPG signtures he didn't trust anymore because of whatever
trick they fell for.
This thread seems entirely blown out of porportion.
--
see shy jo
* Manoj Srivastava ([EMAIL PROTECTED]) wrote:
> On 25 May 2006, Stephen Frost spake thusly:
> > I wasn't making any claim as to the general validity of IDs which
> > are purchased and I'm rather annoyed that you attempted to
> > extrapolate it out to such. What I said is that he wasn't trying to
>
On 25 May 2006, Stephen Frost verbalised:
> * Manoj Srivastava ([EMAIL PROTECTED]) wrote:
>> Explanation? What we have here is an act of bad faith, in the guise
>> of demonstrating a weakness. In my experience, one act of bad faith
>> often leads to others.
>
> pffft. This is taking it to an extr
I think two related, but seperate, issues are being conflated in this
discussion.
The first is the identity of the person you are talking to at a key
signing event. This is, and always has been, the weakest point of the
affair. It is reasonably trivial to forge reasonable looking government
docu
Hello!
On Thu, 25 May 2006 15:39:44 +0200, Henrique de Moraes Holschuh wrote:
> On Thu, 25 May 2006, Manoj Srivastava wrote:
>> It has come to my attention that Martin Kraff used an
>> unofficial, and easily forge-able, identity device at a large key
> [...]
>
> Should you not have *signe
On Thu, May 25, 2006 at 05:30:23PM +0200, Luca Capello wrote:
> FYI, Martin's explanation is at [1], which passed on Planet Debian.
>
> Thx, bye,
> Gismo / Luca
>
> [1] http://blog.madduck.net/geek/2006.05.24-tr-id-at-keysigning
FWIW, I noted down those keys I would *not* sign and didn't tell th
* Manoj Srivastava ([EMAIL PROTECTED]) wrote:
> On 25 May 2006, Stephen Frost verbalised:
> > * Manoj Srivastava ([EMAIL PROTECTED]) wrote:
> >> Explanation? What we have here is an act of bad faith, in the guise
> >> of demonstrating a weakness. In my experience, one act of bad faith
> >> often le
On 25 May 2006, Luca Capello uttered the following:
> Hello!
>
> On Thu, 25 May 2006 15:39:44 +0200, Henrique de Moraes Holschuh wrote:
>> On Thu, 25 May 2006, Manoj Srivastava wrote:
>>> It has come to my attention that Martin Kraff used an
>>> unofficial, and easily forge-able, identity device a
On 25 May 2006, Stephen Frost spake thusly:
> * Manoj Srivastava ([EMAIL PROTECTED]) wrote:
>> On 25 May 2006, Stephen Frost verbalised:
>>> * Manoj Srivastava ([EMAIL PROTECTED]) wrote:
Explanation? What we have here is an act of bad faith, in the
guise of demonstrating a weakness. In m
Joey Hess <[EMAIL PROTECTED]> writes:
> My memory is horrible, but IIRC James Troup (ie, our keymaster..) did
> some similar study at the DebConf5 KSP and ended up with a list of
> people whose GPG signtures he didn't trust anymore because of whatever
> trick they fell for.
Err, for the record, n
On Thu, May 25, 2006 at 04:16:24PM -0500, Manoj Srivastava <[EMAIL PROTECTED]>
wrote:
> The KSP was cracked, People signed a key without ever looking
> at proper, official ID. You can try and save face by calling it
> whatever you want, but that does not change the reality.
Manoj, how
On 25 May 2006, Stephen Frost spake thusly:
> * Manoj Srivastava ([EMAIL PROTECTED]) wrote:
>> On 25 May 2006, Stephen Frost spake thusly:
>>> I wasn't making any claim as to the general validity of IDs which
>>> are purchased and I'm rather annoyed that you attempted to
>>> extrapolate it out to
* Stephen Frost ([EMAIL PROTECTED]) wrote:
> * Manoj Srivastava ([EMAIL PROTECTED]) wrote:
> > On 25 May 2006, Stephen Frost verbalised:
> > > * Manoj Srivastava ([EMAIL PROTECTED]) wrote:
> > >> Explanation? What we have here is an act of bad faith, in the guise
> > >> of demonstrating a weakness.
* Manoj Srivastava ([EMAIL PROTECTED]) wrote:
> Explanation? What we have here is an act of bad faith, in the
> guise of demonstrating a weakness. In my experience, one act of bad
> faith often leads to others.
pffft. This is taking it to an extreme. He wasn't trying to fake who
he wa
67 matches
Mail list logo
