[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [ga] Registration process suggestion
At 05:15 PM 2/10/2000 -0800, Roeland M.J. Meyer wrote:
> > From: owner-ga@dnso.org On Behalf Of Dave Crocker
>
>I believe that this exactly what I proposed. Yet, you claim it is not
>viable. Yet, you are propsing it here, or are you only summarizing?
summarizing.
> > Although the formal cert developers understand the issue of certs needing
> > to be defined carefully, so that different criteria are applied in
> > assigning different kinds of certs, there is no large scale use
> > of certs as a basis for distinguishing individuals.
>
>Actually, there is, if you go to the Thawte web-site. The question is if
I did not say that no mechanisms or services existed. I said there was no
large-scale USE. In this case, large-scale refers both to numbers and
diversity of the user base. Thawte is fine for geeks, but the entire
system (of which Thawte is a part) is not viable for typical, non-technical
users. It is far to complicated.
> > For that matter, there is no large scale use of certs.
>
>Go to ANY eCommerce web-site and you will find an SSL cert, at least one.
>You will also, on many of them, find TLS capability.
Such certs are, at most, for the vendor. Not the consumer. A
registration/voting system as being discussed here needs persona- (not
email-) based certs for the users, not the providers.
> > For that matter, there is no large scale use of open, encrypton-based
> > authentication services.
>
>This is true, iff you emphasize the term "open".
That is exactly the point. ICANN participation is open.
> > And that's the problem. All of this technology-iriented discussion, for
> > solving the registration problem, is being conducted without attending to
> > the raw fact that the technology has not already been deployed
> > and used on very wide scale.
>
>This is false (see above).
It is not false. (See above.)
> > PGP advocates might disagree about large scale authentication activities,
> > but that is an example of the problem, rather than a counter to it. Both
> > PGP and S/Mime are still human factors problems for average users.
>
>and here is another problem that I can agree with. PGP needs a PKI and is
>not server-based. SSL/TLS is server-based, but you have to roll your own
Modern PGP implementations use servers that are, effectively, the same as
PKI servers.
d/
=-=-=-=-=
Dave Crocker <dcrocker@brandenburg.com>
Brandenburg Consulting <www.brandenburg.com>
Tel: +1.408.246.8253, Fax: +1.408.273.6464
675 Spruce Drive, Sunnyvale, CA 94086 USA
Gong Xi Fa Cai / Selamat Tahun Baru Cina
--
This message was passed to you via the ga@dnso.org list.
Send mail to majordomo@dnso.org to unsubscribe
("unsubscribe ga" in the body of the message).
Archives at http://www.dnso.org/archives.html