[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Stray Poll: Finger-prints in QCs

To: Anders Rundgren <anders.rundgren@xxxxxxxxxx>
Subject: Re: Stray Poll: Finger-prints in QCs
From: Michael Sierchio <kudzu@xxxxxxxx>
Date: Mon, 06 Dec 1999 17:10:22 -0800
Cc: PKIX-List <ietf-pkix@xxxxxxx>
References: <>

Anders Rundgren wrote:

> This discussion can continue forever without getting anywhere so I
> propose a short-cut.  The alternatives are:
> 
> 1.  Support it as an option

see final comments below.

> 2.  PKIX should limit direct support of information that could deprive privacy regardless if some parties want it

Definitely. 

> 3.  Finger-prints have no proved value or are still technically immature

A substantial percentage of the population in the (ethnically diverse) US
have no readable fingerprints.  No encoding of biometric data
exists which would represent an invariant reference -- all biometric
data are subject not only to variances in the metric apparatus, but
also in the subject.  Therefore,  biometric data could only reasonably
accomodated by reference.  Which raises the question of whether there
can be a trusted repository of such data.  I suggest not.

There are undoubtedly applications in which reference to biometric data
for the purposes of authentication might be desireable,  and in which
privacy concerns are not relevant (military installations, etc.).  I
cannot comprehend why anyone thinks that the binding of biometric data
to a unique person should be embedded in a certificate.  

-- 
QUI ME AMET, CANEM MEUM ETIAM AMET

References:
- Stray Poll: Finger-prints in QCs
  - From: Anders Rundgren

Prev by Date: Re: proposed key usaged text -- the final round
Next by Date: RE: non-repudiation, was Re: proposed key usage text
Previous by thread: Re: Stray Poll: Finger-prints in QCs
Next by thread: Accessing/selecting biometrics was: Stray Poll: Finger-prints in QCs
Index(es):
- Date
- Thread