Driving licence as identification and accepting signed keys without exchanging encrypted data

Tue Jul 25 12:38:51 CEST 2006

Hi all,

Tony Whitmore wrote:

> As I mentioned yesterday, I understand that it's my decision whether to trust 
> any particular piece of identification. I thought it would be worth finding 
> out whether there are any actual arguments for or against accepting such ID 
> which would help inform my decision.

You might take a look on the presented dokument itself.
Ask yourself a few questions:
- do I believe or even know that this is an official
  document (and not a fake)?
- is this something which could be faked easily?

I guess there is a difference for example between
the US drivers licenses and the new European ones
(regarding the possibility of faking these), I
feel that at least where I live (Germany) the
drivers license would be fairly equal to a
passport. But that's for sure not true for all
kinds of documents (eg. very old driving licenses
here). Another (more paranoid) question would be:
- do I believe that it is difficult in the country
  where the document was issued, to get it issued
  to a wrong name (by giving the officer a nice
  little present)? ;-)

And you might ask yourself for what purposes you
would use a validation according to the web of trust.
If my life would depend on it: No ways. For sending
some usual business information: No problem. ;-)

So I do accept passports / official IDs only
for my private key. With my company key I have to
be more relaxed (cause sometimes a good bit
of security is much more already than having
none at all). So my identification policy
depends on the key that's used. Schizophrenia!

Regards, Olaf

-- 
Dipl.Inform. Olaf Gellert                  PRESECURE (R)
Senior Researcher,                       Consulting GmbH
Phone: (+49) 0700 / PRESECURE           og at pre-secure.de

                        A daily view on Internet Attacks
                        https://www.ecsirt.net/sensornet