RE: Accessing/selecting biometrics was: Stray Poll: Finger-prints in QCs

Peter,

> Steve's argument really does not make sense, in a wider context.
>
> NSA defines, in SDN706, clearance and privilege attributes to
> instrument authorization regimes including NOFORN,
> RELUK, etc, and PKIX facilitates their transport & carriage in
> the PKIX flexible, subjectDirectoryAttributes field.

you mean the field that 2459 discourages use of?

> If PKIX id-certs transport such authorization info, they
> can transport similar bio-info, in other subjectDirectoryAttributes
> fields.

certainly you understand the difference between authorization and authentication info, so the analogy looks rather weak on that basis alone.

> The privacy argument concerning bio info is mostly the same
> as authorization info. A 100 byte compressed picture of me
> is no more sensitive than the level of my (non-existing) US
> security clearance.

no, it is not. the two concerns are incomparable, in general. people holding clearances have opted into a system which requires abandoning some privacy concerns, and adopting new ones imposed by the clearance issuer. a private citizen who makes use of biometric data for authentication in a QC is operating under a different set of privacy assumptions, constraints, etc.

> Given the seeming synchronization of PKIX work and NSA work, I
> have no doubt that knowledge of this authorization case is
> well known to all those who decide what goes into PKIX
> draft standards.

several of the authors of 2459 are aware of the SDN706 work, but they did not skew the document to endorse that NSA spec. today, we would encourage putting that info into an AC.

> If my argument does not hold, then authorization info
> in PKIX-compliant certs should be restricted to a hash-reference,
> so it is aligned with the bio-data rationale.

if your analogy were valid, and if we did not disparage use of the directory attributes extension, this argument might make sense, however, ...

> This would of course make a large swath of NSA certs
> today PKIX non-complying. I doubt PKIX WG would make that
> decision, somehow: so PKIX stds should allow the same logic as
> enabled 100 bytes of authorization information to now
> also hold for embedding 100 bytes of bio-data.

we're not talking about backward compatibility here, so again the analogy is flawed.

Steve