Using the OTR plugin with Pidgin for verifying GPG public key fingerprints

Robert J. Hansen rjh at
Sat Mar 13 08:44:56 CET 2010

> The reason I think that it's still difficult is because even immigration officials get duped all the time.   

Cites, please.  Show me studies showing how often immigration officials get duped, and how often they correctly flag false passports.

When verifying an identity document, the null hypothesis is "this document is invalid."  Rejecting a good passport is a Type I error; accepting a bad passport is a Type II error.  Please show me published estimates of Type I and Type II errors by immigration officials.  When you say "all the time," it seems that you mean the Type II error rate is through the roof, and I'm going to need evidence before I accept that claim.

Even then — so what?  Let's say the Type II rate is 25%.  That's a very high Type II rate; most people would think that failing to recognize one set of fake IDs per four is a really bad error rate.  Yet, if you're at a keysigning party where there are five people independently applying a 25%-faulty test, the likelihood of accepting a fake ID is under 1%.  

> Okay. What weakness(es) do I need to be wary of? 

See previous message.

> Pardon me for being skeptical about all of that. I realize that this is a controversial issue and I'm respectful of what you believe.

There is a difference between being skeptical and being cynical.  I am all in favor of skepticism, but modern cynicism is a puerile philosophy and I'll have none of it.  Skepticism insists on evidence at each step and follows that evidence wherever it leads.  Modern cynicism believes it already knows where that evidence must lead, and thus there's no need to discover evidence and reason concretely about one's discoveries.

More information about the Gnupg-users mailing list