Using the OTR plugin with Pidgin for verifying GPG public key fingerprints
firasmr786 at gmail.com
Sat Mar 13 08:14:59 CET 2010
On Sat, Mar 13, 2010 at 11:30 AM, Robert J. Hansen <rjh at sixdemonbag.org>wrote:
> > There's no way I could be trained enough to
> > recognize spoofing of the latter kind even at a keysigning party.
> A serious question here -- have you considered writing Immigration and
> Customs Enforcement or the Border Patrol (or equivalent groups, wherever you
> are) and asking them for information on how to distinguish real passports
> from forgeries?
> Most governments are very willing to tell people what to look for. It's in
> their best interests for official identity documents to not be forged, and
> for forgeries to be discovered as quickly as possible. When I've asked the
> United States government about this they've always been cooperative.
> You'd be amazed what you can learn just by having the chutzpah to walk up
> to someone who knows and saying, "hi, could you share?" :)
The reason I think that it's still difficult is because even immigration
officials get duped all the time.
> b. I just think the ease with which users can authenticate makes it
> > a good choice. The secret answer method of authenticating is
> > easy for most of my friends to understand.
> It is also a far weaker form of authentication than is often recommended
> for OpenPGP keys. Not that this makes the technique invalid, but the weaker
> authentication needs to at least be considered.
Okay. What weakness(es) do I need to be wary of?
> > Well, I do think that's such a relative thing. Just because you don't
> > notice these kinds of things going on in the place where you live
> > doesn't mean they don't happen. How many people actually bother to look?
> The United States has 1400 independent daily newspapers, each of whom
> employ a large number of people whose job it is to look. On top of that you
> have groups like the Innocence Project that look for abuses in criminal
> courts, you have groups like ACCURATE that look for abuses in voting, you
> The Western tradition of government usually involves a lot of people
> looking. This is certainly not to say that abuses don't happen -- they
> clearly do -- but they do not occur at the frequency many fear.
Pardon me for being skeptical about all of that. I realize that this is a
controversial issue and I'm respectful of what you believe.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Gnupg-users