Using the OTR plugin with Pidgin for verifying GPG public key fingerprints

erythrocyte firasmr786 at
Sat Mar 13 08:14:59 CET 2010

On Sat, Mar 13, 2010 at 11:30 AM, Robert J. Hansen <rjh at>wrote:

> > There's no way I could be trained enough to
> > recognize spoofing of the latter kind even at a keysigning party.
> A serious question here -- have you considered writing Immigration and
> Customs Enforcement or the Border Patrol (or equivalent groups, wherever you
> are) and asking them for information on how to distinguish real passports
> from forgeries?
> Most governments are very willing to tell people what to look for.  It's in
> their best interests for official identity documents to not be forged, and
> for forgeries to be discovered as quickly as possible.  When I've asked the
> United States government about this they've always been cooperative.
> You'd be amazed what you can learn just by having the chutzpah to walk up
> to someone who knows and saying, "hi, could you share?"  :)

The reason I think that it's still difficult is because even immigration
officials get duped all the time.

>    b. I just think the ease with which users can authenticate makes it
> >       a good choice. The secret answer method of authenticating is
> >       easy for most of my friends to understand.
> It is also a far weaker form of authentication than is often recommended
> for OpenPGP keys.  Not that this makes the technique invalid, but the weaker
> authentication needs to at least be considered.

Okay. What weakness(es) do I need to be wary of?

> > Well, I do think that's such a relative thing. Just because you don't
> > notice these kinds of things going on in the place where you live
> > doesn't mean they don't happen. How many people actually bother to look?
> The United States has 1400 independent daily newspapers, each of whom
> employ a large number of people whose job it is to look.  On top of that you
> have groups like the Innocence Project that look for abuses in criminal
> courts, you have groups like ACCURATE that look for abuses in voting, you
> have...
> The Western tradition of government usually involves a lot of people
> looking.  This is certainly not to say that abuses don't happen -- they
> clearly do -- but they do not occur at the frequency many fear.

Pardon me for being skeptical about all of that. I realize that this is a
controversial issue and I'm respectful of what you believe.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20100313/8e2c5127/attachment-0001.htm>

More information about the Gnupg-users mailing list