[Cryptography] IDs and licenses, not Possible reason why password usage rules
Howard Chu
hyc at symas.com
Fri Mar 6 14:53:07 EST 2020
John Levine wrote:
> In article <abf9eebe-5e85-98ed-4ecc-1f64827ee5b0 at symas.com> you write:
>> The discussion here is why you can't use an expired photo ID for travel.
>> Doesn't matter whether it's a driver's license or some other government
>> issued ID.
>
> Here's a simple thought experiment. I book a plane ticket but I am a
> very bad driver so the state revokes my license. I still have the
> physical card and the expiration date is in the future.
>
> I take the train to the airport, and at security I present that
> revoked license. The TSA guy waves the little blue light at it (which
> only detects cheap fakes that teens use to sneak into bars) and lets
> me on the plane. Is that a problem? Not that I can see, since I'm
> riding on the plane, not driving it.
>
>> It *might* have identified you. It may be that you're John's brother who's
>> wanted for murder, trying to leave the country, and John actually has
>> the currently valid ID in his possession.
>
> This is what Bruce Schneier calls a "movie plot threat." We appear to
> be done.
This is the same scenario as browsing to a website with an expired TLS cert.
Most of the time it will be safe to ignore the fact that it's expired, and
continue browsing. But it presents an opportunity for hijacking the site,
which is why current browsers won't let you proceed (without extra hassle).
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
More information about the cryptography
mailing list