
Re: Why are in-person meetings required for the debian keyring?



On 2015-02-12 22:49, Nikolaus Rath wrote:
> Christian Kastner <debian@kvr.at> writes:
>> I of course agree with the first part, but I have to disagree with the
>> last sentence: I think it does increase the risk for the attacker.
>> Because even if the ID is fake, I still have seen a person, and a face,
>> I could describe. I could point out that person to others at next
>> DebConf.
> 
> I very much doubt that. During a typical keysigning party (at least
> those that I've seen or attended), you look at tens of faces within just
> a few minutes. Do you really think that you'd be able to recall and
> describe a particular face several months (or years) later, given only a
> name?

Good point. No, for some of the participants, I would not be able to do
that. But for most, I still can. After all, the keysigning party is not
the only place you interact with these same people. And perhaps of the
tens of participants, there are some who have a better memory for faces
than I do.

Nevertheless, showing up would still be a risk, and as much as one might
be able to game and reduce this risk, it would still be higher compared
to the risk faced without any personal interaction at all, which is zero.

