Re: Stray Poll: Finger-prints in QCs
Anders,

Putting philosophy aside, I am not against the inclusion of any
option, technically. But I confess to being behind the curve on
the distinctions made regarding "options" and "future extensibility".

Ilam asked why the profile limits discussion to "human-on-hand"
biometric authentication. This makes sense, as Steven Kent noted.
That is, in remote authentication, biometric data is only useful
if it is absolutely secret. But then, ANYTHING absolutely secret
would do just as well, and biometric data would certainly NOT be
the best choice. I might pick up your fingerprints or DNA trace
from an unwashed drinking glass. But you take better care with
your secret keys, I suppose.

Ilam also asked why the limitation to a hash. Here, I agree that
size limitations seem short-sighted. Bob Jueneman's "JPG of my cat"
comes to mind. Why not allow for unlimited size, given systems that
can handle it?

Denis Pinkas states that X509V3 allows extensions that can be
"defined later, when it becomes appropriate". So, when does it
become appropriate? And can such extensions be added unilaterally
by the parties that would use them? Are we arguing that they need
to be profiled now, to provide a consistent groundwork?

Someone mentioned that the hash is sufficient, since the actual
data could just "tag along" with the cert, if required. But there
needs to be a standard even for this kind of operation. Is there?

It may be marginally outside the PKIX charter to show concern
beyond the keys/certificates themselves. Is s/mime a more
appropriate forum for this concern?

Have I posed enough questions? ;)

___tony___

At 10:30 PM 12/06/1999 -0000, Anders Rundgren wrote:
>All,
>This discussion can continue forever without getting anywhere so I
>propose a short-cut. The alternatives are:
>
>1. Support it as an option
>
>2. PKIX should limit direct support of information that could deprive privacy regardless if some parties want it
>
>3. Finger-prints have no proved value or are still technically immature
>
>Anders
>
>
>
Tony Bartoletti
IOWA Center
Lawrence Livermore National Laboratory
PO Box 808, L - 089
Livermore, CA 94551-9900
phone: 925-422-3881 fax: 925-423-8081
email: azb@llnl.gov