- From: Phillip M Hallam-Baker <pbaker@verisign.com>
- Date: Tue, 20 Apr 1999 11:18:39 +0200
- To: "John Boyer" <jboyer@uwi.com>, "Bede McCall" <bede@mitre.org>
- Cc: "Dsig group" <w3c-xml-sig-ws@w3.org>

I don't think we need to address signature schemes based on autographs for the following reasons:

1) The packing format had better allow any signature scheme which produces as authentication data a string o' bits which is a function of the message and optionally some additional data. There are good reasons for allowing an SHA-1 hash or an HMAC authentication blob, biometrics should be simply another such blob.

2) Do we think we have a need for significant input of crypto expertise? I don't think so, at this level we are treating PKCS#1 RSA, DSS etc. as well-behaved black boxes. If we feel we can proceed without detailed instructions along the way from Rogaway, Rivest, Kaliski et al. we would expect autograph identification methods to be capable of being treated in an equally black box fashion.

3) Biometric techniques are not commodified to the same extent that RSA, DSS etc. are. Patent issues aside, RSA is RSA whoever you buy it from, same for DSS. Even the more 'exotic' reaches of cryptography such as elliptic curve are well defined and standards defined. I don't think it would be possible to address biometric techniques without addressing specific proprietary techniques which would in turn lead to the issue of endorsement which I don't think W3C should get involved in - not unless they want to actually conduct trials of biometric techniques which I don't think they do.

4) The applications of biometrics and the applications of digital signatures are disjoint. I do not see an overlap, I consider biometrics important precisely because they can do things which digital signatures cannot. I don't

No biometric technique is proof against a sampling attack. Each person has one and only one biometric profile. Individual mechanisms may sample that profile and base their analysis on a subset but there is no means of preventing a complete sampling of the original. At most what a biometric proves is that there was knowledge of a biometric profile required to create a signature.

That is very different to the assurance of a digital signature which establishes that there was knowledge of a specific piece of information. Empirically, it is easier to do a biometric scanning attack than a brain scanning attack! It is also easier to learn new pieces of information than change your fingerprint or autograph.

I know there are folk in the biometric industry who dispute this, and that is kind of the point. I don't think the argument is useful or necessary however. It is currently raging with much FUD in the legal arena. I don't think we need to have the arguments rehearsed here too...

Phill

Received on Wednesday, 21 April 1999 05:18:29 UTC