Re: Certificate profile for Biometrics information.

[Tony Bartoletti <azb@xxxxxxxx>]

At 03:37 PM 11/4/2002 -0500, Phillip H. Griffin wrote:
> Privacy objects are already available in X9.84 and XCBF and rely on
> the familiar EnvelopedData and EncryptedData, and a named variant of
> EncryptedData. But biometric information is public, not private. It's in your
> hair left on the brush in the hotel, in your prints left on the glass at 
> dinner, and
> by anyone who wishes to scan or photograph for the purpose of trying to mimic
> another.

I think there is a world of difference.  It is one thing for an individual 
to risk exposing themselves by physically following me around to gather 
hair from my comb, fingerprints from my dinner glass, etc.  It is another 
thing for someone half a world away to issue a query and obtain countless 
such samples.

The threat of the former capability does not justify enabling the latter 
capability.

(And if biometric data is essentially "public", what value has it in 
certification?)


Cheers!  ____tony____

>

Tony Bartoletti 925-422-3881 <azb@xxxxxxxx>
Information Operations and Assurance Center
Lawrence Livermore National Laboratory
Livermore, CA 94551-9900