[FOSDEM] Fake passport at FOSDEM 2016 keysigning?

[Francois Cartegnie]

Le 02/02/2016 16:41, Winfried Tilanus a écrit :
> I don't know the jurisprudence in Belgium, but for a Dutch court
> 'presenting a fake document as if it is real' is enough to convict.

Did he present it as if it was real ? AFAIK.

Was that a fake official document ? No.
AFAIK it wasn't written passport, using its colors. Only layout and text
was similar, but with safeguards.

(also see last paragraph)

> Beside that, I have only seen the fake ID, not the real ID. So I can't
> confirm anymore the identity of this person. (Whoever it is)

I agree this is a problem, but in that case, you can now only rely on
trust chain and spotters to guarantee it was the same (which doesn't
makes any difference as you won't sign it now).

> Yes it certainly does show a weakness in the system. I would really
> appreciate full disclosure (including scans of the used documents) so
> I can learn from the incident and discuss with the community on how to
> deal with it.

Learning from his address that he belongs to CaCert, you should head for
their stand at next fosdem and do the ID verification tests. They'll
probably show up.

(caution, pls do not incriminate cacert for the key-signing stuff)

> The test causes harm, as long as the signatures from the KSP for the
> offending key are in the web of trust. Until it is clear the offending
> key is revoked, I consider this an unethical hack.

Seems ok to me. He didn't try to acquire any benefits fraudulently and
even explained when spotted.

I would also quote FOSDEM's keysigning instructions:
" Please bring the printed list, a pen and appropriate form of
identification with you to FOSDEM 2016"

I can try to find any violation, i can't.
He had a list, a pen and a form of identification.

"After the participants have verified each other's identity, (...)"

Again, nothing here says that the form of ID must be official, issued by
a state.

Francois