W3C home > Mailing lists > Public > w3c-xml-sig-ws@w3.org > April 1999

RE: Biometric techniques are not public key signatures

From: Paul Lambert <plambert@certicom.com>
Date: Wed, 21 Apr 1999 19:19:17 -0700
To: rdbrown@globeset.com
cc: w3c-xml-sig-ws@w3.org
Message-ID: <8825675B.0002A6CF.00@domino2.certicom.com>


>Not quite true. It has been already demonstrated that some symmetric
>authentication schemes can provide the necessary foundation to
>non-repudiation...

You are correct that there are a variety of ways to implementate
non-repudiation.  Typically these require a third party.  I should have
been more specific about the distinction I was attempting to describe.
Public key based signatures are traceable to a single key holder.
Symmetric techniques are subject to repudiation since both the creator and
the validating agent have access to the secret key.

>In fact, a symmetric authentication
>scheme with an adequate audit-trail and well-defined processes may stand
>stronger than a public-key signature scheme with inadequate protection of
>the private-key or an obvious lack of scrutany when establishing
>credentials.

Yes, but assuming equivilant protection of keys, public-key techniques have
the unique characterisitic that they are more readily traceable to a single
key-holder.  The semantics of a public key signature are different than
that of a keyed hash.  Our specification should clearly describe the
diffierences in service provided by the two mechanisms.  The syntax of our
XML digital signature should clearly describe the expected security
service.  We should not confuse keyed hashs with public key based digital
signatures.

So ... in summary here's a few of my comments in a requirements format:

Proposed XML Digital Signature Requirements:
- XML digital signatures shall be based on public key cryptographic
  techniques to bind the signatures to a single key holder
- XML digital signatures shall provide a single mandatory implement
  set of algorithms to promote the fielding of interoperable
implementations.
  Other example optional algorithms will be described and supported.
- The XML digital signature specification shall define mechanisms
  to support keyed hash and key exchange.
- The XML digital signature syntax shall clearly describe the
  expected security service (e.g. public key signature versus keyed hash)
- XML digital signatures must carry only a single
  originator key or certificate.

XML Digital Signature working group non-requirements:
- application of biometric techniques for authentication in XML
- application of physical digital signature as biometric
  authentication for XML signatures


Paul





"Richard D. Brown" <rdbrown@globeset.com> on 04/21/99 05:08:18 PM

Please respond to rdbrown@globeset.com

To:   Paul Lambert/Certicom, w3c-xml-sig-ws@w3.org
cc:
Subject:  RE: Biometric techniques are not public key signatures




Paul,

>
> In particular, a keyed hash will never be able to support
> non-repudiation.
>

Not quite true. It has been already demonstrated that some symmetric
authentication schemes can provide the necessary foundation to
non-repudiation - for example H(S,K,M) in secure hardware with S being a
unique signer's identifier sealed in the token, K a shared secret also
sealed in the token, and M a representation of the document could be
satisfactory. More sophisticated schemes can be built with key-exchange
algorithms (i.e. Diffie-Hellman).

> The trust considerations for a shared key mechanism are not the
> same as public key signed mechanisms.

Correct though usage of a public key signature scheme does not imply trust
per se. Adopting a public key signature scheme only allows signature
verifiability without having to disclose the signing secret. Trust is bound
to the production by a truted third-party of a credential that binds the
signature verification key with a set of attributes. Trust is only
propagated by the credential and not intrinsic to the use of public keys.

For WPR exchanges, symmetric key is often sufficient - non-repudiation is
not always necessary or can be achieved without making use of a "mechanic
with strong mathematical foundations." Many times in the past, courts have
ruled in favor of well-defined and well-documented business processes
though
not founded upon mathematical concepts. In fact, a symmetric authentication
scheme with an adequate audit-trail and well-defined processes may stand
stronger than a public-key signature scheme with inadequate protection of
the private-key or an obvious lack of scrutany when establishing
credentials.

Sincerely,

Richard D. Brown
Received on Wednesday, 21 April 1999 22:34:16 EDT

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 11:28:04 EDT