[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
QC's - for human eyes only?
- To: "Ietf-Pkix (E-mail)" <ietf-pkix@xxxxxxx>
- Subject: QC's - for human eyes only?
- From: Ilan Shacham <ilans@xxxxxxx>
- Date: Sun, 5 Dec 1999 14:39:13 +0200
Hi all,
Section 3.2.4 of the QC profile, which describes the biometricInfo
extension states:
" ...This extension SHALL only be used to store a hash of biometric
information suitable for human verification, i.e. where decision
whether this information is an accurate representation of the subject
is performed by a physical person. This implies a usage where the
biometric information is represented by for example a graphical
image, displayed to the relying party, which MAY be used by the
relying party to enhance identification of the subject..."
I don't see why we should limit ourselves in such a way, and not allow
for machine verification of biometric data (such as finger-prints, etc.).
It seems to me that even if today biometrics aren't advanced enough,
we should not limit ourselves towards the future.
Another shortcoming of the biometricInfo extension, is that it does
not allow for the actual biometric data to be included, but instead
mandates the data to be accessed through a URI. This approach
may be relevent today, when biometric data is large, and memory
on smartcards is limited, but surely advances in the future would
allow the actual biometric data to be put in the certificate, it would
be a shame to create a new extension for ActualBiometricInfo...
I could also see why it would be relevent not to rely on the network
for maintaining all the information needed to validate a certificate.
Comments?
Ilan
------------------------------------------------------------------------
Ilan Shacham mailto:ilans@arx.com
Algorithmic Research Ltd. http://www.arx.com
10 Nevatim St., phone: 972 - 3 - 9279540
Petach-Tikva, Israel Fax: 972 - 3 - 9230864