<<< Date Index >>>     <<< Thread Index >>>

[IP] State Department responds to RFID passport comments





Begin forwarded message:

From: William Gronim <wwg@xxxxxxxxxxxxxx>
Date: October 26, 2005 9:39:46 AM EDT
To: Multiple recipients of list talk <talk@xxxxxxxxxxxxxxxxxx>
Subject: PRIVACY:: State Department responds to RFID passport comments
Reply-To: talk@xxxxxxxxxxxxxxxxxx


Hello.

The Sate Department has published a detailed response to the public comments it received on its proposed RFID passport scheme. Almost all (98.5%) of the comments received were negative, and 86% of the 2,335 comments concerned privacy and/or security. The Department has decided to go forward with the following plan:

    -They will use passive ISO 14443 RFID chips with a capacity of 64K.

-The binding and cover of the passport will contain shielding material to limit the reading of closed or nearly closed passports to 10cm. The Department claims to have tested the chips in question to evaluate how much shielding is needed.

-The chip will contain: name, nationality, sex, date of birth, photograph, passport number, issue date, expiration date, type of passport.

-The chip will use BAC (Basic Access Control) to encrypt chip-to- reader communications. BAC is described at [1] pages 8-9. The chip stores two keys, one for encryption one for MAC. The keys are derived from information in the visual machine readable area of the passport: date of birth, passport number, etc . As pointed out it in [1] this has two issues: The keys do not have enough entropy and the use of a single lifetime key gives anyone who once read your passport permanent access.

-Passports with broken chips will be considered invalid and replaced at no charge.

    -Trial deployments to government employees to begin December 2005.

    The comments are available at http://cryptome.org/dos102505.txt .


    --William Gronim
      wwg@xxxxxxxxxxxxxx

        "We have no future because our present is too volatile."

[1] http://eprint.iacr.org/2005/095.pdf
------------------------------------------------------------------------ -- To subscribe or unsubscribe from the TALK mailing list,send an email message to majordomo@xxxxxxxxxxxxxxxxxxxxxxxxxx the subject line and body of the message containing either:
  subscribe talkOR
  unsubscribe talk
Those two words should contain the entire subject line and
body of the message.
------------------------------------------------------------------------ --


-------------------------------------
You are subscribed as roessler@xxxxxxxxxxxxxxxxxx
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/