Re: Biometric techniques are not public key signatures from John Boyer on 1999-04-21 (w3c-xml-sig-ws@w3.org from April 1999)

From: John Boyer <jboyer@uwi.com>
Date: Wed, 21 Apr 1999 13:31:23 -0700
To: "Bede McCall" <bede@mitre.org>
Cc: "Dsig group" <w3c-xml-sig-ws@w3.org>
Message-ID: <009c01be8c35$ec73cd00$9ccbf4cc@kuratowski.uwi.bc.ca>

Yes, I know, but who said that signed XML must be signed with public key
signatures?  Even the IETF draft seems to contain other mechanisms...

Also,

I presume that Paul's statement is actually a "motion" to assert certain
non-requirements since no formal group has yet been created.

However, he made the motion and you second it precisely because you are
missing the point I'm actually trying to make.  I personally couldn't care
less whether any reader finds merit in this particular technology.  I'm not
sure I like it myself.  But as a group trying to create a worldwide standard
for signing this document format, is it our place to play God and decide
from on high that our spec won't support this technology or that technology
in the standard because we don't like it?

As the title of our "Signed XML" workshop indicates, our job is to write a
spec that accommodates signing XML.  The issue is whether those signatures
have to be XML.  Since opinion without reason is not science, I've provided
numerous reasons why it is my opinion that they shouldn't be.

1) Can we assume that we could create a markup going that will satisfy all
needs going forward?  No.  Which means that incorporating new technologies
in the future will require spec changes, dsig DTD changes, software
upgrades, signature incompatibilities with older software, and greater
costs.

2) Can we accommodate all signature technologies of the future without
creating a markup? Yes.

3) If we did create a markup for signatures, what would be the consequences?
    A) Reference implemetations would have to include the cryptographic
layer.
    B) Signature technologies that depend on unreadable signatures would be
excluded.

John Boyer
Software Development Manager
UWI.Com -- The Internet Forms Company
jboyer@uwi.com



>   From: "Paul Lambert" <plambert@certicom.com>
>   Date: Wed, 21 Apr 1999 11:35:10 -0700
>
>   [ . . . ]
>
>   List of XML Digital Signature working group non-requirements:
>   - application of biometric techniques for authentication in XML
>   - application of physical digital signature as biometric authentication
for
>   XML signatures
>
>Seconded!
>
>--Bede
>

Received on Wednesday, 21 April 1999 16:27:22 UTC