[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: No, was Re: QC biometrics needs re-engineering NOW!

To: <ietf-pkix@xxxxxxx>
Subject: Re: No, was Re: QC biometrics needs re-engineering NOW!
From: Stefan Santesson <stefan@xxxxxxxxxxx>
Date: Wed, 08 Dec 1999 09:34:57 -0500
In-reply-to: <>

My conclusion from this discussion is that our consensus from last time
this was up for debate still stands.

1) We don't want to involve us in the complex issue of machine verified
bio-metrics and they serve no meaningful purpose in remote authentication.

2) We don't want to encourage inclusion of the actual bio metric data in
certificates. It is OK to include a hash but not the actual data. I would
personally sleep better if we keep this limitation.

No real problems with interoperability with the current solution has ben
presented .

This is not a complete general bio-metrics solution. It never was and it
never will be. But it serves a particular relevant issue. For expanded
solutions I would suggest a separate work item.

I hope we all can live with this.

/Stefan

At 06:59 1999-12-08 +0000, Anders Rundgren wrote:
>>> >as you should be able to see from
>>> >the archive (but its so long ago I forget, maybe it was
>>> >a private posting). I think Steve K. addressed the issue
>>> >when he said that handing over a URL says nothing about
>>> >who can gets a 404 vs. a 200 when they ask for the content.
>>>
>>> That is REALLY silly!
>>
>>No, it is not. It means that the biometric data can be denied to
>>you, even though it is available.  You may need a client certificate
>>to get it, or a password, or be in an IP range  You don't get it just
>>because it is in the certificate.
>>
>>BTW, I may suggest that including identifying biometric data in
>>certificates is unconstitutional in the entire EC, where countries
>>have harmonized their constitutions to directly *forbid* any
>>initiative which may allow the creation of a unique indentifier,
>>a national ID.  Please verify in the current Swedish Carta Magna,
>>or German, etc.
>
>
>Ed, I think that your answer verifies what I have suspected all the time: 
>The authors
>of the two variants of bio-metrics linked to certs are not really such lousy 
>engineers,
>but are so against the idea of biometrics and PKI that they push solutions
that
>have no chance to suceed on a wider scale since they are by design 100%
>not interoperable.  QCs are unconstitutional?  Stefan, where you?
>
>Anders

References:
- Re: No, was Re: QC biometrics needs re-engineering NOW!
  - From: Anders Rundgren

Prev by Date: Re: No, was Re: QC biometrics needs re-engineering NOW!
Next by Date: RE: No, was Re: QC biometrics needs re-engineering NOW!
Previous by thread: Re: No, was Re: QC biometrics needs re-engineering NOW!
Next by thread: RE: No, was Re: QC biometrics needs re-engineering NOW!
Index(es):
- Date
- Thread