replacing compromised biometric authenticators

Jean-Francois Mezei jfmezei_nanog at
Thu Oct 12 21:53:16 CST 2017

On 2017-10-12 16:58, Rich Kulawiec wrote:

> (3) because they facilitate coerced risk transference away from the
> people who are actually responsible (and are paid to be so) to the
> people who shouldn't be responsible (and aren't paid to be)

I think biometrics are seen as a means to reduce the possible
errors/corruption of a security guard by shifting responsibility to a

When you have multiple tennants, the DC can't assume all tennants will
keep all access cards secure so has to protect tennant 2 from tennant 1
having cards stolen by some crook intent on damaging tennant 2's cards.

A security guard matching face to picture on card AND picture in his
computer for that card can be very good, and woudl eliminate card
counterfeiting (with match against the DC's database of images) but
would not eliminate security guard making mistakes and allowing people
whose face does not match (corruption or lazyness).

This is very different from a data centre owned by a single tennant who
has full control over staff and knows who is and isn't staff and
authorized to go in.

More information about the NANOG mailing list