Driving licence as identification and accepting signed keys
without exchanging encrypted data
Tony Whitmore
tony at tonywhitmore.co.uk
Tue Jul 25 11:30:33 CEST 2006
On Tue, Jul 25, 2006 at 02:29:23AM -0400, Atom Smasher wrote:
> no matter what anyone tells you is or isn't adequate, you have to decide
> for yourself. this may help you figure it out -
> http://www.linuxsecurity.com/content/view/121645/49/
Thanks Atom, that article was linked to from the thread suggested yesterday.
It covers some interesting etiquette points, and certainly doesn't mention
using a encrypted block of random data to further verify identity:
"If required, they may take this opportunity to present each other with formal
identification. After enjoying each others' company, they each return home,
verify each others' key information to be correct (between the papers they
exchanged and the keys they are about to sign), and sign each others' keys.
They may then exchange signed keys."
Yet it's already been suggested in this thread that this represents
insufficient verification.
As I mentioned yesterday, I understand that it's my decision whether to trust
any particular piece of identification. I thought it would be worth finding
out whether there are any actual arguments for or against accepting such ID
which would help inform my decision.
Cheers,
Tony
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : /pipermail/attachments/20060725/ad727027/attachment.pgp
More information about the Gnupg-users
mailing list