[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [ifwp] Re: Berkman Center membership study -- Membership fees?
- Date: Sun, 17 Jan 1999 02:09:41 +0000
- From: jeff Williams <jwkckid1@ix.netcom.com>
- Subject: Re: [ifwp] Re: Berkman Center membership study -- Membership fees?
Kent and all,
Kent Crispin wrote:
> On Sat, Jan 16, 1999 at 11:59:06PM +0000, Jim Dixon wrote:
> > On Sat, 16 Jan 1999, Kent Crispin wrote:
> >
> > > > Things would move much closer to practicality if rather than tying
> > > > votes to the elusive individual you tied them to either domain names
> > > > or IP address space.
> > >
> > > The most straightforward thing is to tie them to an email address at
> > > registration time. When the voter is identified at registration,
> > > they must supply an email address as their voting address -- in
> > > fact, registration is essentially the process of binding an
> > > individual or an organization to an email address.
> > >
> > > While some email headers can be spoofed easily, it is actually very
> > > difficult to create a really good forgery, with complete delivery
> > > information. And a public rollcall vote, with every vote posted on a
> > > public web, would be extremely resistant to voter fraud -- easily as
> > > strong as a physical mail based system
> >
> > I think that we have different scales in mind.
>
> Sure -- the max total attendance of the IFWP and all other
> proceedings associated with ICANN is maybe 2500.
This is a grossly inaccurate figure. But than again you do have a
propensity
for extremes that is well known.
> I am not concerned
> with trying to do larger scale elections, or elections suitable for
> public elections in large principalities. If your argument is based
> on such elections, then let's not pursue it any further -- I don't
> consider them relevant to the case at hand.
Why aren't they relevant?
> What I am interested in
> is essentially equivalent to a corporate stockholder vote, normally
> conducted by mail, but instead conducted by email.
Or you can use a web application.
>
>
> > In actual fact, for anyone with reasonable resources (like a sovereign
> > government, for example), forging massive numbers of votes is easy.
> > And, as you must know, creating email accounts is trivial.
>
> Perhaps your reference isn't clear. Do you think it would be easy,
> for example, for a sovereign government to forge the votes necessary
> to take over a middle size corporation -- say Netscape? If so, why
> haven't they done it? If not, why not?
They can't of course. And yes things like this have been tried.
You should check out the sec files on this sort of thing.
>
>
> In reading over your post, I'm not sure what you are getting at. If
> you mean that email alone is not a proof of individual identity, of
> course that is true, and I was never suggesting that email be used
> as a proof of identity. You prove identity with a birth
> certificate, or some other document.
Any kind of document for proof of identify can be forged. It is
done every day. As the social Security office or the welfare office.
> *After* you have proved
> identity you have that identity supply you with a valid email
> address, which is recorded in the member database as the email
> address of a member.
This would be good for step one. But it would be much better if
you were your CA. That way you can issue Certs to each joining member
and identify them more accurately by using a custom cert if you like
with relevant information contained within the cert.
>
>
> > If I run the Bristol telephone book through a scanner and generate
> > 500,000 or so email addresses, how to you propose to decide which
> > email address is "real" and which isn't?
>
> I don't care -- not a single one of those addresses is in my list of
> approved email addresses, bound to actual registered voters whose
> identity I have laboriously established by sending a private
> investigator to check their birth certificates (I'm not suggesting
> that we do that -- I am pointing out through example that the
> validation of identity is completely independent of the transport
> mechanism used for conveying the votes.)
Good idea here Kent. But to even consider checking out birth
certificates would be nearly an improbable undertaking and frankly
unnecessary. And yes the transport mechanism needs to be independent
of the identification, but the cert that is used, should that be the method
most likely should be TLS compliant, as using TLS for the transport
secure mechanism would be advisable.
>
>
> > Another example: Freeserve, a new UK ISP, has signed up a million
> > or so subscribers in the last few months. [Apologies to Freeserve,
> > this is just an example! no offense intended...] Let's say that
> > they chose to sign up their entire subscriber base. It would be
> > trivial for them to forge subscriptions from all of them and then
> > intercept all relevant correspondence coming back to these
> > subscribers. The headers and all would be perfect. Focus on the
> > principles, please: how do we prevent this sort of mass forgery?
>
> It isn't a problem. We are not concerned about the existence of fake
> email addresses; we are only concerned about the possibility of being
> able to forge mail from non-fake addresses that exist in our list of
> valid voting addresses. Forging mail from a legitimate address can
> be done, but such forgeries can almost always be detected by someone
> who knows how to read the headers. Really good forgeries are much
> harder to do.
>
> [...]
>
> > > Oh -- are you looking for some kind of automatic binding of the form
> > > "every individual who 'owns' an IP address gets a vote"?
> >
> > No, I am trying to arrive at a simple scheme for identifying real
> > people at reasonable cost, one that scales up to the size of the
> > Internet. And at the same time I am trying to tie the right to
> > vote to some minimal understanding of the Internet.
>
> Ah. I agree -- email is totally inadequate as a *primary* means of
> identification. However, once a valid identity has been established
> through some other means, a binding between that identity and an
> valid email address can easily be made.
>
> > If we say "one vote per email address", then the cost of forging names
> > hovers around zero.
>
> Indeed.
>
> > If we say "one vote per registrant", then the cost of acquiring a vote
> > for an imaginary person is $70 at NSI.
>
> Right.
>
> > Limiting votes to people who are the admin contacts for IP blocks makes
> > it considerably more difficult to acquire a vote. Also, such people are
> > likely to have a real interest in the Internet. And the process of
> > acquiring address space from one of the RIRs is sufficiently fuzzy to
> > make it difficult to automate.
>
> Up front limiting of the vote to those who are "qualified" or who
> "have a real interest in the Internet" is not politically feasible.
>
> Nor is it really necessary, in my opinion, for reasons I
> will point out below...
>
> [...]
>
> > > Is that software available?
> >
> > Sure. As it is, the software is modified by hand for each election (by
> > me), but it would not be difficult to make it table driven. However,
> > it's Perl code; this and other factors limit its scaleability. My guess
> > is that it could be modified to handle elections with say 10,000 voters.
> > Above that I would redesign the software and rewrite it in C.
>
> I very seriously doubt we will ever get much above 2000.
Well if you are talking about DNSO.ORG than you are likely correct.
And as such you will not have anything close to a consensus. So
DNSO.ORG will not be "The DNSO".
>
>
> > > Once people learn how truly boring all the ICANN stuff is going to
> > > be I expect interest to dwindle dramatically.
> >
> > With that I am in the most whole-hearted agreement.
>
> That's the reason...
>
> --
> Kent Crispin, PAB Chair "Do good, and you'll be
> kent@songbird.com lonesome." -- Mark Twain
>
> __________________________________________________
> To receive the digest version instead, send a
> blank email to ifwp-digest@lists.interactivehq.org
>
> To SUBSCRIBE forward this message to:
> subscribe-IFWP@lists.interactivehq.org
>
> To UNSUBSCRIBE, forward this message to:
> unsubscribe-ifwp@lists.interactivehq.org
>
> Problems/suggestions regarding this list? Email andy@interactivehq.org.
> ___END____________________________________________
Regards,
--
Jeffrey A. Williams
CEO/DIR. Internet Network Eng/SR. Java/CORBA Development Eng.
Information Network Eng. Group. INEG. INC.
E-Mail jwkckid1@ix.netcom.com
Contact Number: 972-447-1894
Address: 5 East Kirkwood Blvd. Grapevine Texas 75208