Driving licence as identification and accepting signed
keys without exchanging encrypted data
og at pre-secure.de
Tue Jul 25 12:38:51 CEST 2006
Tony Whitmore wrote:
> As I mentioned yesterday, I understand that it's my decision whether to trust
> any particular piece of identification. I thought it would be worth finding
> out whether there are any actual arguments for or against accepting such ID
> which would help inform my decision.
You might take a look on the presented dokument itself.
Ask yourself a few questions:
- do I believe or even know that this is an official
document (and not a fake)?
- is this something which could be faked easily?
I guess there is a difference for example between
the US drivers licenses and the new European ones
(regarding the possibility of faking these), I
feel that at least where I live (Germany) the
drivers license would be fairly equal to a
passport. But that's for sure not true for all
kinds of documents (eg. very old driving licenses
here). Another (more paranoid) question would be:
- do I believe that it is difficult in the country
where the document was issued, to get it issued
to a wrong name (by giving the officer a nice
little present)? ;-)
And you might ask yourself for what purposes you
would use a validation according to the web of trust.
If my life would depend on it: No ways. For sending
some usual business information: No problem. ;-)
So I do accept passports / official IDs only
for my private key. With my company key I have to
be more relaxed (cause sometimes a good bit
of security is much more already than having
none at all). So my identification policy
depends on the key that's used. Schizophrenia!
Dipl.Inform. Olaf Gellert PRESECURE (R)
Senior Researcher, Consulting GmbH
Phone: (+49) 0700 / PRESECURE og at pre-secure.de
A daily view on Internet Attacks
More information about the Gnupg-users