Costs set to rule out register of fingerprints

Ian Brown ukcrypto at chiark.greenend.org.uk
Wed, 30 Jan 2008 10:54:26 +0000


On 30 Jan 2008, at 10:42, Ian Batten wrote:

>
> On 30 Jan 08, at 1025, James Davis wrote:
>
>> Paul Vigay wrote:
>>
>>> What's the point of that? If making a fake passport you can still ensure
>>> that the passport fingerprint data signature matches the bearer.
>>
>> I'd hope that the issuer signs the data before placing it on the card.
>
> That's going to involve issuing public keys relating to every  
> passport issuing authority to everyone who might have reason to  
> need to verify a passport, which essentially means everyone,

ICAO or another international organisation could act as a root  
certifier. Verifiers would then only need that public key to validate  
a signed issuing authority key.

> including people with very well-resourced spook agencies.

I'm not sure what difference this makes?

> That's not a trivial task, and doing it securely is genuinely  
> difficult.
>
> The attack tree would revolve around being able to get a fake
> signature verification key into the system or obtaining the
> signature making key for a genuine pair: given the number of
> 'insider' attacks on passport issuing authorities, that doesn't
> strike me as overly hard for a sufficiently motivated and resourced
> attacker. And as you'll be providing both the public key and
> examples of signatures to every government in the world (and even
> if you didn't provide the public key to your favourite bête noire
> country, you can't prevent it leaking via mutual friendly
> countries), do you want to bet your signature algorithm and
> technique against, say, a fully resourced joint attack by the
> Chinese and Russian governments?

who have all sorts of other, probably easier, attacks available to them.
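
The root-certifier arrangement suggested in the message above, as an added example that is not part of the original thread: the verifier pins one root public key, checks the root's signature over the issuing authority's key, then checks the issuer's signature over the passport data. Ed25519, the type names and the sample data are assumptions made for illustration, not the format real passports use.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
)

// IssuerCert binds an issuing authority's public key to a root signature.
type IssuerCert struct {
	IssuerKey ed25519.PublicKey
	RootSig   []byte // root's signature over IssuerKey
}

// Passport holds the data, the issuer's signature over it, and the issuer cert.
type Passport struct {
	Data   []byte
	Sig    []byte
	Issuer IssuerCert
}

// Verify needs only the pinned root key: root -> issuer key -> passport data.
func Verify(root ed25519.PublicKey, p Passport) error {
	if len(p.Issuer.IssuerKey) != ed25519.PublicKeySize {
		return errors.New("malformed issuer key")
	}
	if !ed25519.Verify(root, p.Issuer.IssuerKey, p.Issuer.RootSig) {
		return errors.New("issuer key not certified by root")
	}
	if !ed25519.Verify(p.Issuer.IssuerKey, p.Data, p.Sig) {
		return errors.New("passport data not signed by issuer")
	}
	return nil
}

// Issue builds a passport signed by issuerPriv whose key is certified by rootPriv.
func Issue(rootPriv, issuerPriv ed25519.PrivateKey, data []byte) Passport {
	pub := issuerPriv.Public().(ed25519.PublicKey)
	return Passport{data, ed25519.Sign(issuerPriv, data),
		IssuerCert{pub, ed25519.Sign(rootPriv, pub)}}
}

func main() {
	rootPub, rootPriv, _ := ed25519.GenerateKey(nil)
	_, issuerPriv, _ := ed25519.GenerateKey(nil)
	_, forger, _ := ed25519.GenerateKey(nil) // forger certifies its own key
	data := []byte("constructed fingerprint template")
	fmt.Println("genuine:", Verify(rootPub, Issue(rootPriv, issuerPriv, data)))
	fmt.Println("forged: ", Verify(rootPub, Issue(forger, forger, data)))
}
```

A signature that merely matches the bearer's data is rejected unless the signing key chains to the pinned root; the check cannot tell a genuine issuer from someone holding a genuine issuer's private key, which is the insider case raised in the quoted text.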