[10415] in cryptography@c2.net mail archive
Re: biometrics
daemon@ATHENA.MIT.EDU (Ben Laurie)
Thu Feb 7 14:15:46 2002
Message-ID: <3C618411.B4B58750@algroup.co.uk>
Date: Wed, 06 Feb 2002 19:29:21 +0000
From: Ben Laurie <ben@algroup.co.uk>
MIME-Version: 1.0
To: Dan Geer <geer@world.std.com>
Cc: lynn.wheeler@firstdata.com, Sidney Markowitz <sidney@sidney.com>,
Cryptography Mailing List <cryptography@wasabisystems.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Dan Geer wrote:
>
>
> > In the article they repeat the recommendation that you never
> > use/register the same shared-secret in different domains ... for
> > every environment you are involved with ... you have to choose a
> > different shared-secret. One of the issues of biometrics as a
> > "shared-secret password" (as opposed to the interface between you
> > and your chipcard) is that you could very quickly run out of
> > different, unique body parts.
>
> Compare and contrast, please, with the market's overwhelming
> desire for single-sign-on (SSO). Put differently, would the
> actual emergence of an actual SSO signal a market failure by
> the above analysis?
Surely the point about (good) SSO is that you control the domain you
share secrets with and that domain then certifies you to other domains -
thus avoiding the problem of sharing your secrets across domains.
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html http://www.thebunker.net/
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
