Technological Neutrality of the Total PKI - Was Re: Common misconceptions, was Re: KISS for PKIX.

["Todd S. Glassey" <Todd.Glassey@xxxxxxxxxxxxxxxxxx>]

Anders

> >
> >But Biometrics only addressses the Retail POS style model, becuase once
the
> >Biometric data is captured, it takes on the same vulnerability as the
reast
> >of the sata used as the auth enablement.
>
> Hum, I don't really think we are talking about the same thing.

Actually we are, and I think thats the problem.

>Biometrics in this
> context is a tool for a CA to bind a physical person (body) to a
certificate.  Could
> use fingerprint or DNA fingerprints.  IMO physical person (body) is
stronger than
> identity as the latter can be forged much easier and is sometimes
impossible
> to verify (no papers available).

Yes this is true, but what does it have to do with the original question?
that's not the context of this effort. The intent is to create better
systems to prove the conveyance on "human intent" into a digital context.
And since the systems themselves have no cogniscent existence under any law
on this planet, we have a minor goochie to deal with here.

In closing, I think that Biometrics like any other ancillary or secondary
auth model are usually only good for proof for the question: "was the person
who this act is done by actually the participant in the act"? It does
nothing to deal with conveyance in the third person or provide the ability
to have an act somewhere down the line be proven to be one of the one's that
this particular person intended to have happen and that they happened when
and how they were supposed to.


Todd