
Re: Conclusion - Biometric inclusion in QC



somewhat related is the AADS work on parameterised risk management
and certified assurance level of the various components (see various AADS
discussion at http://www.garlic.com/~lynn/). There has been the suggestion
that a consistent set of risk management & assurance level parameters be
specified so that they might also be used in certificate extensions (like does
an AADS authentication chipcard use pin activation or biometric activation,
what is the assurance level of the chipcard, what assurance level is the
chip activation, etc).

an issue with regard to AADS biometric is whether or not the biometric and
identification information is "public"  .... much of AADS use in civilian and
consumer scenarios worries about propagating identity information like
names around the net ... i.e. being able to do digital signed transactions
w/o having to divulge consumer name to parties involved.






Stefan Santesson <stefan@accurata.se> on 03/31/99 04:06:39 AM

To:   Denis Pinkas <Denis.Pinkas@bull.net>
cc:   IETF-PXIX <ietf-pkix@imc.org>
Subject:  Re: Conclusion - Biometric inclusion in QC




At 11:09 AM 3/31/99 +0200, Denis Pinkas wrote:
<snip>
>I do not believe you met any Dennis Pinkas, maybe you met a Denis Pinkas.

Sorry for that !

<snip>
>> And don't forget that putting a hash of a picture in a QC, is already a
>> valid option. For example you can use this hash as a unique identifier
>> (issued by the CA) and put it in the dNQualifier attribute. Then include an
>> attributeSemantics OID defining this property. And you are all set !!
>
>If I understand correctly, you mean that we have some means to have an extension,
>... but we still need to define that extension.
>This is exactly what I am advocating for.
>

Not exactly an extension. We define a new "PersonalData" field stored in
the otherName field in the subjectAltName extension. All this is found in
section 3.2.1 of the draft.

This field has the capability you are asking for. i.e. holding a hash of a
photo, plus the fact that you can communicate to the relying party that it
does.

/Stefan


>Regards,
>
>Denis



-------------------------------------------------------------------
Stefan Santesson                <stefan@accurata.se>
Accurata Systemsäkerhet AB      http://www.accurata.se
Slagthuset                      Tel. +46-40 108588
211 20  Malmö                   Fax. +46-40 150790
Sweden                        Mobile +46-70 5247799

PGP fingerprint: 89BC 6C79 5B3D 591B 8547  1512 7D11 DBF4 528F 29A0
-------------------------------------------------------------------