[ale] #OT? Thoughts on encrypted token for ID connected to state or federal database...

Jim Kinney jim.kinney at gmail.com
Sat Apr 20 21:33:01 EDT 2024


If biometrics is the only firm of authentication, yes, it's horrible. But a
signed copy of biometric data validates the person holding the card as the
person who owns the card. It is as secure as pki certs can be.

On Sat, Apr 20, 2024, 2:56 PM Alex Carver via Ale <ale at ale.org> wrote:

> Biometrics is a terrible form of security because it's not replaceable
> when compromised.
>
> On 2024-04-20 10:46, Jim Kinney via Ale wrote:
> > CAC card style signed certificates using  pin for access to the cards
> > private certs works well in many situations. If the gov issues ID cards
> > with fed and state level certs, some people will have their heads
> explode.
> > But a single ID card with drivers license that can be used as verifiable
> > authentication for nearly everything would be an upgrade from where we
> are
> > now. If a signed biometric capture was included, it would add a huge
> level
> > of "really hard to counterfeit" to the entire thing. So a fingerprint
> > and/or retina scan plus pin will make the card unique to a person and
> evil
> > person can't steal my card and beat the pin out of. They can still
> > blackmail and I don't have an idea on how to get around that.
> >
> > The major downside is the level of effort to make it happen.
> >
> > On Sat, Apr 20, 2024 at 10:16 AM William Wylde via Ale <ale at ale.org>
> wrote:
> >
> >> How complex do you guys think creating an encrypted token connected to
> >> your state or federal ID for age verification purposes would be?   It
> seems
> >> like it would be trivial, seeing as how they all have verification
> systems
> >> in place already, and at least my state collects fingerprints when you
> get
> >> an ID or license.   I don't think it would be more intrusive than what
> they
> >> already have going on- and I think they could take the money to pay for
> it
> >> from the domestic spy apparatus.
> >>
> >> I doubt it would reveal any more information about your web habits than
> >> they already collect, but I could be wrong.  There's a lot of people on
> >> this list that are more cognizant about the ins-and-outs of this than I
> am.
> >>
> >> Thoughts?
> >>
> >> --
> >> --
> >> “Keep away from people who try to belittle your ambitions. Small people
> >> always do that, but the really great make you feel that you, too, can
> >> become great.”
> >>
> >> ― Mark Twain
> >> _______________________________________________
> >> Ale mailing list
> >> Ale at ale.org
> >> https://mail.ale.org/mailman/listinfo/ale
> >> See JOBS, ANNOUNCE and SCHOOLS lists at
> >> http://mail.ale.org/mailman/listinfo
> >>
> >
> >
> >
> > _______________________________________________
> > Ale mailing list
> > Ale at ale.org
> > https://mail.ale.org/mailman/listinfo/ale
> > See JOBS, ANNOUNCE and SCHOOLS lists at
> > http://mail.ale.org/mailman/listinfo
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> https://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.ale.org/pipermail/ale/attachments/20240420/2c76274c/attachment.htm>


More information about the Ale mailing list