>Such signatures are accepted, but not on the basis of there being
>a strong binding. Otherwise, making your mark in the form of
>an X wouldn't be allowed.
>-Ekr

This is key. I don't distinguish between biometrics and 'voluntary' signals such as Voice prints etc. because as I see it people are looking at the biometric quality for the security.

I agree that there is much use of insecure authentication procedures in paper transactions. These insecurities are in general acceptable because there are other controls that mitigate risks (relationships, physical presence etc.) and until now there has been no better way.

I utterly reject the notion that e-commerce should start from the position that current levels of fraud and theft are acceptable. That type of thinking leads to systems like the AMPS cellular billing scheme, a system so insecure that the UK police and courts refuse to spend taxpayer monies deterring cloning fraud that the operators could easily have prevented.

So far the way of integrating biometrics and public key cryptography that works best is to use a biometric to gate access to the private key. This particular scheme is exceptionally strong and does not require any special support in XML DigSig.

Phill
This archive was generated by hypermail 2.2.0 + w3c-0.29 : Thursday, 13 January 2005 12:10:09 GMT