Re: New proposed solution to the QC biometric issue

[Ben Laurie <ben@xxxxxxxxxxxxx>]

Denis Pinkas wrote:
> My comments are along the lines.
> > I have given this quite a thought the last days and I must say that I would favor an OPTIONAL URI pointer.
> 
> Also I do not feel strong on this issue, I would favor the opposite. :-(
> 
> The rational is as follows:
> 
> 1) This data is private and may be released onbly if the subject wishes it. So it is very unlikely that you will find it in an URL free of access.

What has this got to do with anything? Or are you suggesting that not
revealing the URL will secure it?

> 2) If the indication to fetch the information points to one of out several places, some people are going to argue that a sequence of such info is needed.

So give them a sequence! Is there a shortage or something?

> The basic question is whether the certificate should refer to the location of the biometric data or whether the biometric data should refer to the information in the certificate. I would think that the opposite is more meaningful.

Which one is the opposite? If you mean that the biometric data should
refer to the cert, how do I find it when all I have in my hand is a
cert?

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html

"My grandfather once told me that there are two kinds of people: those
who work and those who take the credit. He told me to try to be in the
first group; there was less competition there."
     - Indira Gandhi