W3C home > Mailing lists > Public > w3c-xml-sig-ws@w3.org > April 1999

RE: Fw: XML versus ASN.1/DER blob

From: Phillip M Hallam-Baker <pbaker@verisign.com>
Date: Wed, 21 Apr 1999 10:49:51 +0200
To: "John Boyer" <jboyer@uwi.com>, "Paul Lambert" <plambert@certicom.com>
Cc: "Dsig group" <w3c-xml-sig-ws@w3.org>
Message-ID: <001a01be8bd3$eb43c500$f50110ac@pbaker-pc.verisign.com>
> However, for the record, most of you seem to be missing the 
> point.  You can
> agree or disagree or argue about the merits of this technology 
> all you like.
> Unfortunately the point is that you shouldn't be arguing about the
> technology at all.  We need to let the technology provide the security.

You can call me an arrogant @#&% if you like but I don't think that
Bede, myself and others are arguing from ignorance of the technology
here. As for making arbitrary design decisions without knowing the
full consequences... that never stopped any of us in the past!

'Letting the technology provide the security'??? I have no idea
what the statement means.

As Don points out attaching Biometrics to the message envelope results
in a system 'about as secure as copy protection', while I agree that 
people want to do that and should be acomodated I don't think that it
is a good idea for the group to put itself in a position where its
statements will be used in marketing litterature to imply endorsement.


The best use for biometrics is to gate access to a private key which
is in turn used for creation of a digital signature.

All else IMHO is a rat-hole. Which is why I didn't really want to go
into the subject. I believe that the requirements of PKI are a strict
superset of the requirements of biometrics. 


		Phill
Received on Thursday, 22 April 1999 04:48:04 EDT

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 11:28:04 EDT