Driving licence as identification and accepting signed keys without exchanging encrypted data

Tony Whitmore tony at tonywhitmore.co.uk
Tue Jul 25 11:30:33 CEST 2006

On Tue, Jul 25, 2006 at 02:29:23AM -0400, Atom Smasher wrote:
> no matter what anyone tells you is or isn't adequate, you have to decide 
> for yourself. this may help you figure it out - 
> http://www.linuxsecurity.com/content/view/121645/49/

Thanks Atom, that article was linked to from the thread suggested yesterday. 
It covers some interesting etiquette points, and certainly doesn't mention 
using a encrypted block of random data to further verify identity:

"If required, they may take this opportunity to present each other with formal 
identification. After enjoying each others' company, they each return home, 
verify each others' key information to be correct (between the papers they 
exchanged and the keys they are about to sign), and sign each others' keys. 
They may then exchange signed keys."

Yet it's already been suggested in this thread that this represents 
insufficient verification.

As I mentioned yesterday, I understand that it's my decision whether to trust 
any particular piece of identification. I thought it would be worth finding 
out whether there are any actual arguments for or against accepting such ID 
which would help inform my decision.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : /pipermail/attachments/20060725/ad727027/attachment.pgp

More information about the Gnupg-users mailing list