Noah Silva recently brought this interesting 1994 article on DMV data exchange by Simson Garfinkel to the attention of the [EMAIL PROTECTED] list:
>http://www.wired.com/wired/archive/2.02/dmv_pr.html The article discusses the AAMVAnet system and the extent to which the threat of revocation of driver's license is already being used as a tool for social control. It's also clear that the state DMVs are in a unique position to provide identity information for a future PKI. I did some poking around on Google to see what has been happening in this area since then. I found the American Association of Motor Vehicle Administrators web site which announces: "On October 24, 2001, AAMVA's Executive Committee passed a resolution creating a Special Task Force on Identification Security to develop a strategy on enhancing the issuance of secure identification credentials for driver licensing and photo ID purposes, and to develop short- and long-term priorities and actions." http://www.aamva.com/drivers/drvIDSecurityindex.asp They already have a standard for Driver IDs that is available on-line http://www.aamva.com/standards/stdAAMVADLIdStandard2000.asp http://www.aamva.com/Documents/stdAAMVADLIDStandrd000630.pdf (full text) It is a very through and detailed document that builds on a raft of existing international standards (smart cards, bar codes, JPEG, etc.) and US DMV and LE practices (data dictionaries, encodings, fingerprint and signature storage, etc.). It does not prescribe any card technology, but sets standards to be used if a technology is selected. What is strikingly to me about the document is the complete lack of cryptographic standards. The document specifically discourages encryption of machine readable data unless required by law. In a very interesting Appendix H on physical security measures, digital signatures are mentioned only in passing under Machine Readable Data: "Common techniques to ensure data integrity include: Check digits and data encryption (presumably with public key encryption) For IC cards, tamper detection and chip disabling; and digital signatures for all data written to the chip." That's it! There is a set of proposed revisions to the standard, but they are only accessible to AAMVA members. I don't know if the revisions address crypto issues, but from the quote above, I suspect they have a long way to go. Arnold Reinhold --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]