Using the OTR plugin with Pidgin for verifying GPG public key fingerprints

erythrocyte firasmr786 at gmail.com
Sun Mar 14 02:06:04 CET 2010


On Sat, Mar 13, 2010 at 10:04 PM, Robert J. Hansen <rjh at sixdemonbag.org> wrote:
>
> 99.6%; a little different.  The binomial theorem gives us the correct numbers.
>
> 0 failures: 31.6%
> 1 failure: 42.2%
> 2 failures: 21.1%
> 3 failures: 4.7%
> 4 failures: 0.4%

Alrighty... :-) So the combined probability that there would be >= 1
failures would be 68.4%.


> Anyway. [...] someone at the keysigning party will say, "hey, that's weird!" and show it to everyone else at the keysigning party.

Umm.. if I understand the nature of the probability tests or
calculations just mentioned above, the results have to be accepted as
they are. They either got it wrong or right. Those individuals who got
it wrong might have actually had that thought, "hey, that's weird",
but eventually they did go ahead and make that wrong decision. I'm
just recollecting some probability concepts and hypothesis testing
concepts I learned a long time ago.

And besides, even if the above weren't true, how do I know that
someone who does have that thought will make sure to check with others
at the keysigning party?

> ...assuming there's not some deep systemic reason for the failure (i.e., all
> trials are independent), you still have nothing to worry about....

I guess depending on one's security policy or requirements that's a
pretty weighty assumption to make.

Also, there's a difference between deciding a stranger's identity
solely based on a passport/national ID versus checking his/her ID
_and_ getting to know them a little better. And that decision lies in
the hands of the user. It's a more social issue I guess.

Anyhow, I've learned so much from this great discussion over the past
few days. Let me thank all who've cared to enlighten a new user such
as me about these things. This is definitely a great community! :-)


