Biometric techniques are not public key signatures

>As long as the blob coming out of the sign function
>actually correctly measures change in the document when the blob and
>document are passed to the verify function, we do not care what format
>that data takes.
>
>To wit, the better handwritten signature technologies achieve at least a
>modicum of security by encrypting the blob.

We must have clear definitions of the mechanisms that we create.  It is not
appropriate to confuse a public key signature with a biometric
authentication technique like the digitization of parameters from a
physical signature.  Biometric authentication techniques should not be in
the scope of the DSig effort.  If biometric techniques are used, they may
be part of an authentication process used to access a securely stored
private key.  Brief guidelines may be provided that could describe how
authentication techniques are required to protect access to an entity's
secret key.

Public key digital signatures provide more than just detecting a change in
a document.  The trust associated with the signature is based on the fact
that the signature comes from a specific unique key.  These keys have
well-known risks associated with the handling and storage of this unique
secret information.  While biometric information is unique in some sense,
it can be forged.  Additional precautions must be taken to prevent the
duplication of a valid signature.

I propose that we be precise with our discussions and limit the scope of
our digital signature specification to signatures based on public key
cryptographic techniques.

Likewise, symmetric cryptographic techniques do not have the same
properties as a public key signature.   We are discussing how to apply
symmetric keyed hash mechanisms, so I assume we have requirements for this
mechanism.  The trust considerations for a shared key mechanism are not the
same as public key signed mechanisms.  I propose that any support for
encryption, key exchanges or keyed hash security mechanisms be given unique
tags so the mechanisms are not confused with digital signatures.  In
particular, a keyed hash will never be able to support non-repudiation.
Automated processing of our signature mechanisms requires that we clearly
distinguish the inferences possible from any specific usage.  It is best in
the processing to identify these differences as soon as possible.


List of XML Digital Signature working group non-requirements:
- application of biometric techniques for authentication in XML
- application of physical digital signature as biometric authentication for
XML signatures



Paul

Received on Wednesday, 21 April 1999 14:43:37 UTC
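
Added example, not part of the original message or of any DSig draft: a Python sketch of why a keyed hash cannot support non-repudiation, and of classifying a mechanism by its tag before drawing any inference from it. The tag names, the key and the documents are constructed for illustration.

```python
import hashlib
import hmac

# Hypothetical mechanism tags (not taken from any DSig draft), mapped to the
# inferences a processor may draw once the value has verified.
INFERENCES = {
    "public-key-signature": {"integrity", "origin", "non-repudiation"},
    "keyed-hash": {"integrity", "origin-among-key-holders"},
}

def allowed_inferences(mechanism: str) -> set:
    """Classify by tag before any verification; unknown tags are rejected."""
    if mechanism not in INFERENCES:
        raise ValueError(f"unknown mechanism tag: {mechanism!r}")
    return INFERENCES[mechanism]

def keyed_hash(key: bytes, document: bytes) -> bytes:
    """HMAC-SHA256 tag; every holder of `key` can compute it."""
    return hmac.new(key, document, hashlib.sha256).digest()

def verify_keyed_hash(key: bytes, document: bytes, tag: bytes) -> bool:
    """Constant-time comparison of the recomputed tag with the received one."""
    return hmac.compare_digest(keyed_hash(key, document), tag)

def dispute() -> dict:
    """Constructed scenario: Alice and Bob share one key, then disagree."""
    shared_key = b"constructed-shared-key-for-demo"
    genuine = b"<order>pay Bob 10</order>"        # written by Alice
    fabricated = b"<order>pay Bob 1000</order>"   # written by Bob himself
    tag_alice = keyed_hash(shared_key, genuine)
    tag_bob = keyed_hash(shared_key, fabricated)  # Bob needs nothing from Alice
    return {
        # The mechanism does detect change in the document...
        "tamper_detected": not verify_keyed_hash(shared_key, fabricated, tag_alice),
        # ...but both documents verify, so an arbiter who is given the key
        # cannot tell which of the two key holders produced either tag.
        "genuine_verifies": verify_keyed_hash(shared_key, genuine, tag_alice),
        "fabricated_verifies": verify_keyed_hash(shared_key, fabricated, tag_bob),
        "non_repudiation": "non-repudiation" in allowed_inferences("keyed-hash"),
    }

if __name__ == "__main__":
    for name, value in dispute().items():
        print(f"{name}: {value}")
```
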