- From: Phillip M Hallam-Baker <pbaker@verisign.com>
- Date: Wed, 21 Apr 1999 10:49:51 +0200
- To: "John Boyer" <jboyer@uwi.com>, "Paul Lambert" <plambert@certicom.com>
- Cc: "Dsig group" <w3c-xml-sig-ws@w3.org>
> However, for the record, most of you seem to be missing the > point. You can > agree or disagree or argue about the merits of this technology > all you like. > Unfortunately the point is that you shouldn't be arguing about the > technology at all. We need to let the technology provide the security. You can call me an arrogant @#&% if you like but I don't think that Bede, myself and others are arguing from ignorance of the technology here. As for making arbitrary design decisions without knowing the full consequences... that never stopped any of us in the past! 'Letting the technology provide the security'??? I have no idea what the statement means. As Don points out attaching Biometrics to the message envelope results in a system 'about as secure as copy protection', while I agree that people want to do that and should be acomodated I don't think that it is a good idea for the group to put itself in a position where its statements will be used in marketing litterature to imply endorsement. The best use for biometrics is to gate access to a private key which is in turn used for creation of a digital signature. All else IMHO is a rat-hole. Which is why I didn't really want to go into the subject. I believe that the requirements of PKI are a strict superset of the requirements of biometrics. Phill
Received on Thursday, 22 April 1999 04:48:04 UTC