[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [ga] Registration process suggestion
> From: owner-ga@dnso.org [mailto:owner-ga@dnso.org]On Behalf Of Dave
> Crocker
> Sent: Thursday, February 10, 2000 6:44 AM
>
> This has been a fascinating thread to read. Pretty much
> everything people
> have been saying sounds correct and reasonable. The only problem is that
> it is irrelevant to any near-term GA activity, since the technical
> solutions being proposed are not viable.
> As noted, the spoofing problem is theoretically amenable to a localized
> technical solution. The GA provides its own cert authority for just (and
> only) this use. Typical objections to use of CAs do not apply in
> this case,
> because the activity is sufficiently small scale and small scope.
> (Not too
> many participants, and the certs are used in a very constrained way.)
I believe that this exactly what I proposed. Yet, you claim it is not
viable. Yet, you are propsing it here, or are you only summarizing?
> The problem of ballot-stuffing by creation of multiple persona
> can only be
> solved by something that constrains the creation of those
> persona. In the
> current environment, a persona is defined by an email address
> and, as we've
> seen, some people DO multiply themselves by getting any number of email
> addresses.
This is also a problem that I outlined. I also didn't propose a solution.
> Although the formal cert developers understand the issue of certs needing
> to be defined carefully, so that different criteria are applied in
> assigning different kinds of certs, there is no large scale use
> of certs as a basis for distinguishing individuals.
Actually, there is, if you go to the Thawte web-site. The question is if
Thawte is still offering this service for free.
> For that matter, there is no large scale use of certs.
Go to ANY eCommerce web-site and you will find an SSL cert, at least one.
You will also, on many of them, find TLS capability.
> For that matter, there is no large scale use of open, encrypton-based
> authentication services.
This is true, iff you emphasize the term "open".
> And that's the problem. All of this technology-iriented discussion, for
> solving the registration problem, is being conducted without attending to
> the raw fact that the technology has not already been deployed
> and used on very wide scale.
This is false (see above).
> PGP advocates might disagree about large scale authentication activities,
> but that is an example of the problem, rather than a counter to it. Both
> PGP and S/Mime are still human factors problems for average users.
and here is another problem that I can agree with. PGP needs a PKI and is
not server-based. SSL/TLS is server-based, but you have to roll your own
registration system in order to use it. This is a level of effort and
resource commitment that DNSO.ORG may not have available to it.
> I'd love to offer a viable solution, but at this point only a
> human in the
> loop seems feasible.
Unfortunately, wrt the second part, mailbox duplicity, I may have to agree.
The question is, where in the loop does the human sit?
--
This message was passed to you via the ga@dnso.org list.
Send mail to majordomo@dnso.org to unsubscribe
("unsubscribe ga" in the body of the message).
Archives at http://www.dnso.org/archives.html