Using the OTR plugin with Pidgin for verifying GPG public key fingerprints

erythrocyte firasmr786 at gmail.com
Sun Mar 14 07:52:23 CET 2010


On Sun, Mar 14, 2010 at 8:08 AM, Robert J. Hansen <rjh at sixdemonbag.org> wrote:
> On 3/13/10 8:06 PM, erythrocyte wrote:
>> Umm.. if I understand the nature of the probability tests or
>> calculations just mentioned above, the results have to be accepted as
>> they are. They either got it wrong or right. Those individuals who got
>> it wrong might have actually had that thought, "hey, that's weird",
>> but eventually they did go ahead and make that wrong decision. I'm
>> just recollecting some probability concepts and hypothesis testing
>> concepts I learned a long time ago.
>
> You don't.
>
> If person A and person B disagree on whether something is fake, the
> operating assumption is that it's fake.  The burden is on the person
> claiming it's *not* fake to persuade the person claiming it *is* fake
> that they're wrong.
>
> Alan: "Hey, Bill, did you see this ID?  It looks fishy."
> Bill: "It looked good to me."
> Alan: "It doesn't look good to me."
> Bill: "Okay.  Let me show you why I thought it was good, and let's take
>       it from there..."

Hmmm...I know this is already getting off-topic. But let me qualify
that by saying that it really depends on what error you're calculating
here. From my understanding, the probabilities calculated give you
random error. That is "given a population of 4 people, there is a
68.4% chance that there would be >=1 failures purely by random effects
regardless of what actions they may or may not take to influence their
chances of making a mistake".

These calculations do not give you the effects of systematic error or
bias. Systematic error would be what you're referring to. That can be
different.

The sum error would be a combination of random and systematic error.

Of course, all of this gives us a picture of the average chances of
error. When it comes to individual people, like you and me, we are not
averages. Some of us will be more adept than others at not making
mistakes and that in turn will depend on a whole slew of other
factors. Now all of that should be taken into account when thinking
about one's security policy.

And I might add that all of this also depends on what your perspective
is. I for one did not envision a scenario where Alan and Bill, from
your example, would discuss their ruminations with each other. Of
course that might happen. But not necessarily always. That's just
human behavior perhaps.

>> besides, even if the above weren't true, how do I know that
>> someone who does have that thought will make sure to check with others
>> at the keysigning party?
>
> There is a word for someone who keeps their mouth shut about fake IDs at
> keysigning parties.  That word is *conspirator*.

Or *incompetent*, *stupid*, *lazy*, *not learned*, *unsure*,
*unaware*, etc. It could be any combination of the above :-).
