Driving licence as identification and accepting signed keys without exchanging encrypted data

Olaf Gellert og at pre-secure.de
Tue Jul 25 12:38:51 CEST 2006

Hi all,

Tony Whitmore wrote:

> As I mentioned yesterday, I understand that it's my decision whether to trust 
> any particular piece of identification. I thought it would be worth finding 
> out whether there are any actual arguments for or against accepting such ID 
> which would help inform my decision.

You might take a look on the presented dokument itself.
Ask yourself a few questions:
- do I believe or even know that this is an official
  document (and not a fake)?
- is this something which could be faked easily?

I guess there is a difference for example between
the US drivers licenses and the new European ones
(regarding the possibility of faking these), I
feel that at least where I live (Germany) the
drivers license would be fairly equal to a
passport. But that's for sure not true for all
kinds of documents (eg. very old driving licenses
here). Another (more paranoid) question would be:
- do I believe that it is difficult in the country
  where the document was issued, to get it issued
  to a wrong name (by giving the officer a nice
  little present)? ;-)

And you might ask yourself for what purposes you
would use a validation according to the web of trust.
If my life would depend on it: No ways. For sending
some usual business information: No problem. ;-)

So I do accept passports / official IDs only
for my private key. With my company key I have to
be more relaxed (cause sometimes a good bit
of security is much more already than having
none at all). So my identification policy
depends on the key that's used. Schizophrenia!

Regards, Olaf

Dipl.Inform. Olaf Gellert                  PRESECURE (R)
Senior Researcher,                       Consulting GmbH
Phone: (+49) 0700 / PRESECURE           og at pre-secure.de

                        A daily view on Internet Attacks

More information about the Gnupg-users mailing list