[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [ga] GA Rules don't go far enough



Roberto Gaetano writes:
 > Harald wrote:
 > >Because the rules that were adopted say that the proof of identity
 > >iprocess s only invoked when an identity is challenged, and the list
 > >imonitor is satisfied that there's reason to pursue the challenge.
 > >
 > 
 > There's also another reason to limit the check to the challenged
 > cases.
 > 
 > We will have to move, for a number of reasons, to a situation in
 > which "Membership" is a concept distinct from
 > "Mailing-List-Subscriber", and in which there will be *many* mailing
 > lists, with specific focus.  At that point in time, it will seem
 > reasonable to check the identity for "Members" (the more 'stable'
 > population, that will have the right of vote, ....), and this may be
 > done once and for good, while the 'mobile' population (the people
 > subscribing to a general-purpose mailing list) will necessarily not
 > be subject to systematic control (too expansive).

All professional societies avoid the problemof identity simply by the
fact that they charge for membership.  If you have to pay for something,
you have to identify yourself and you have incentive to not pay multiple
times.  Unfortunately, this option is not available to a so-called open
membership group as the DNSO.  However, any serious member of the DNSO
would, no doubt, belong to one or more professional societies, many of
whom may have network presences.  I know that the ACM and IEEE do, and
undoubtedly some lawyers groups must along with other groups fitting
most of the members of the DNSO.  Maybe we can work out some method of
validation with these groups.  ACM and IEEE offer e-mail forwarding
services for members-only.

My idea is really only partially formed, but it might have promise.  I
cannot really come up with any other ideas that do not involve charging
for membership.

Of course, a signed PKI certificate from a well-known organization that
requires physical proof of identity should always be acceptable.
Certainly, any self-signed certificate is worthless, but a certificate
from a well-known company (GTE, IBM, etc.) should also be acceptable.

What it really boils down to is requiring something other than a simple
e-mail address to be eligible for voting.  A specific e-mail address
from a source that requires membership (ACM, IEEE) would do, or a
suitable certificate.  Both of these are more or less trivial to
validate, but do not prevent duplication by a determined persona.

Other ideas?

/Joe
--
This message was passed to you via the ga@dnso.org list.
Send mail to majordomo@dnso.org to unsubscribe
("unsubscribe ga" in the body of the message).
Archives at http://www.dnso.org/archives.html