The problem with that, of course, is that someone's DNA or fingerprint isn't a secret. There's no reason why I couldn't take your fingerprint, embed it into a signature and claim to be you.
And this is part of why authentication and identity are very difficult things to do right, mostly because very few people have thought about what it is they're verifying.
If I publish a public key and say it belongs to me, 'Bob Smith', the only practical use that has is that you can verify that a future message signed by 'Bob Smith' was signed by someone with access to the same private key as the guy who originally published the public key. Any assumption about who 'Bob Smith' actually is, and who that corresponds to in the real world (what other identities do they assert), and also that 'Bob Smith' is a single entity, are simply assumptions.
It's impossible to pin a human down to a single, guaranteed verifiable, non-impersonatable and non-revocable identity. 'Documents issued by men with guns' isn't foolproof, but we use it as a trust anchor mostly because everyone else does, and we don't have much alternative.
krapp|12 years ago
mirkules|12 years ago
Side note: maybe there could be a way to irreversibly hash one's fingerprint or DNA sample into an electronic signature
growse|12 years ago
jerf|12 years ago
daveid|12 years ago
r0s|12 years ago