Using the OTR plugin with Pidgin for verifying GPG public key fingerprints

erythrocyte firasmr786 at gmail.com
Sat Mar 13 08:14:59 CET 2010 

On Sat, Mar 13, 2010 at 11:30 AM, Robert J. Hansen <rjh at sixdemonbag.org>wrote:

> > There's no way I could be trained enough to
> > recognize spoofing of the latter kind even at a keysigning party.
>
> A serious question here -- have you considered writing Immigration and
> Customs Enforcement or the Border Patrol (or equivalent groups, wherever you
> are) and asking them for information on how to distinguish real passports
> from forgeries?
>
> Most governments are very willing to tell people what to look for.  It's in
> their best interests for official identity documents to not be forged, and
> for forgeries to be discovered as quickly as possible.  When I've asked the
> United States government about this they've always been cooperative.
>
> You'd be amazed what you can learn just by having the chutzpah to walk up
> to someone who knows and saying, "hi, could you share?"  :)
>


The reason I think that it's still difficult is because even immigration
officials get duped all the time.


>    b. I just think the ease with which users can authenticate makes it
> >       a good choice. The secret answer method of authenticating is
> >       easy for most of my friends to understand.
>
> It is also a far weaker form of authentication than is often recommended
> for OpenPGP keys.  Not that this makes the technique invalid, but the weaker
> authentication needs to at least be considered.
>


Okay. What weakness(es) do I need to be wary of?



> > Well, I do think that's such a relative thing. Just because you don't
> > notice these kinds of things going on in the place where you live
> > doesn't mean they don't happen. How many people actually bother to look?
>
> The United States has 1400 independent daily newspapers, each of whom
> employ a large number of people whose job it is to look.  On top of that you
> have groups like the Innocence Project that look for abuses in criminal
> courts, you have groups like ACCURATE that look for abuses in voting, you
> have...
>
> The Western tradition of government usually involves a lot of people
> looking.  This is certainly not to say that abuses don't happen -- they
> clearly do -- but they do not occur at the frequency many fear.
>


Pardon me for being skeptical about all of that. I realize that this is a
controversial issue and I'm respectful of what you believe.

--
erythrocyte
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20100313/8e2c5127/attachment-0001.htm>

More information about the Gnupg-users mailing list