[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [ga] Registration process suggestion



> From: owner-ga@dnso.org [mailto:owner-ga@dnso.org]On Behalf Of Dave
> Crocker
> Sent: Thursday, February 10, 2000 6:44 AM
>
> This has been a fascinating thread to read.  Pretty much
> everything people
> have been saying sounds correct and reasonable.  The only problem is that
> it is irrelevant to any near-term GA activity, since the technical
> solutions being proposed are not viable.

> As noted, the spoofing problem is theoretically amenable to a localized
> technical solution.  The GA provides its own cert authority for just (and
> only) this use. Typical objections to use of CAs do not apply in
> this case,
> because the activity is sufficiently small scale and small scope.
>  (Not too
> many participants, and the certs are used in a very constrained way.)

I believe that this exactly what I proposed. Yet, you claim it is not
viable. Yet, you are propsing it here, or are you only summarizing?

> The problem of ballot-stuffing by creation of multiple persona
> can only be
> solved by something that constrains the creation of those
> persona.  In the
> current environment, a persona is defined by an email address
> and, as we've
> seen, some people DO multiply themselves by getting any number of email
> addresses.

This is also a problem that I outlined. I also didn't propose a solution.

> Although the formal cert developers understand the issue of certs needing
> to be defined carefully, so that different criteria are applied in
> assigning different kinds of certs, there is no large scale use
> of certs as a basis for distinguishing individuals.

Actually, there is, if you go to the Thawte web-site. The question is if
Thawte is still offering this service for free.

> For that matter, there is no large scale use of certs.

Go to ANY eCommerce web-site and you will find an SSL cert, at least one.
You will also, on many of them, find TLS capability.

> For that matter, there is no large scale use of open, encrypton-based
> authentication services.

This is true, iff you emphasize the term "open".

> And that's the problem.  All of this technology-iriented discussion, for
> solving the registration problem, is being conducted without attending to
> the raw fact that the technology has not already been deployed
> and used on very wide scale.

This is false (see above).

> PGP advocates might disagree about large scale authentication activities,
> but that is an example of the problem, rather than a counter to it.  Both
> PGP and S/Mime are still human factors problems for average users.

and here is another problem that I can agree with. PGP needs a PKI and is
not server-based. SSL/TLS is server-based, but you have to roll your own
registration system in order to use it. This is a level of effort and
resource commitment that DNSO.ORG may not have available to it.

> I'd love to offer a viable solution, but at this point only a
> human in the
> loop seems feasible.

Unfortunately, wrt the second part, mailbox duplicity, I may have to agree.
The question is, where in the loop does the human sit?

--
This message was passed to you via the ga@dnso.org list.
Send mail to majordomo@dnso.org to unsubscribe
("unsubscribe ga" in the body of the message).
Archives at http://www.dnso.org/archives.html