Driving licence as identification and accepting signed keys without exchanging encrypted data

David Shaw dshaw at jabberwocky.com
Mon Jul 24 23:50:36 CEST 2006


On Mon, Jul 24, 2006 at 10:40:55PM +0100, Tony Whitmore wrote:
> David Shaw wrote:
> > On Mon, Jul 24, 2006 at 09:50:22PM +0100, Tony Whitmore wrote:
> >> First: Is a photo driving licence considered adequate identification?
> >> I'm in the UK so we have UK / EU photo driving licences. I have
> >> previously only used passports as ID, but some people were presenting
> >> driving licences instead.
> > 
> > It depends on what *you* think.  Some people do accept driver licences
> > as adequate identification.  Some don't.  I do, for what it's worth.
> 
> I understand there is a personal decision to be made here, and that I
> have responsibility to be satisfied with the ID, but I don't know
> whether there are good arguments for/against accepting photo driving
> licences.

It comes down to whether you believe it is hard or easy to get a false
drivers license.  That is something that is going to be very different
in different places.  You also need to factor in whether you'd
recognize a fake drivers license anyway (I'm not sure I would - here
in the US there are over 50 types of drivers licenses)..

> > Note that there is a difference between what page at
> > http://www.hantslug.org.uk/cgi-bin/wiki.pl?LinuxHints/KeySigning says
> > and what you say above.  The page (correctly) notes that all that is
> > necessary is that the person *sign* the challenge before sending it
> > back to you.  The page makes clear ("encrypted, if you like") that
> > encryption is optional here, and adds little to what you are trying to
> > prove.  It doesn't matter if other people can read the signed
> > challenge or not.  Of course, it doesn't hurt to encrypt, so long as
> > it is understood that it doesn't really help either.
> 
> Yes, I realise I didn't phrase my explanation very well. The procedure I
> use is as described on the referenced web page. What should have been a
> separate comment was in regard to the encrypted e-mails *I* have been
> sent with signatures attached. In order to access the attached signature
> file, I have to be able to decrypt the e-mail, meaning I have to have
> access to my private key. If I don't have the private key, I can't
> decrypt the e-mail and can't access the signature to upload it. This
> seems to provide some sort of checking that the e-mail address ties up
> with the public and private keys, but again I'd like to hear what other
> people think.

The error here was made by the signer.  As you are the signee,
presumably you have good assurance that you are who you say you are.
I'd go ahead and upload the keys :)

David



More information about the Gnupg-users mailing list