Re: PGP 6.5.1 - word list and SDAs?

1999-07-07 15:06:00

Will Price wrote:
Thomas Roessler wrote:
On 1999-07-07 02:38:43 -0700, Will Price wrote:

High level biometric authentication methods that a particular
vendor (in this case Network Associates) chooses to implement are
well beyond the scope of this list.

From the context, it should have been obvious to you that by
"fingerprint" I meant "key fingerprint", and not any biometric
authentication methods your company may or may not choose to

Yes, it was obvious.  You're not seeing what I mean by biometric. 
The word list is a feature we implemented to provide better biometric
properties for key fingerprint authentication.

I expect the reason Will considers a word encoding of a fingerprint
has anything to do with `biometrics' is because (I'm guessing) the
word list was first designed for PGPfone where there is no web of
trust, and the only authentication is that you can recognise the
person at the other end of the phone's voice.  In that scenario you
are using your human ability to recognise the voice to authenticate a
key exchange.

You could argue that someone reading a PGP fingerprint (hex or encoded
as words) over the phone where you recognise the speaker's voice counts
as a form of biometric authentication.