[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [ga] Registration process suggestion



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


On 04-Feb-2000 Roeland M.J. Meyer wrote:
> There are two problems extant.
> 1) Aliasing and masquerading, usurping someone else's email identity.
> 2) Multiple identities for the same individual.
> 
> The first one is easily automatable.
> 
> a) Voter registration system has PK set
> b) Voter registration system *is* a voter CA.
> 
> 1) Voter generates/obtains x.509 key set (see your local CA)
> 2) Voter submits registration form along with public key and CRL.
> 3) System return, via email, voter CA certificate.
> 
> All further email, both ways must be signed, after this point, including ALL
> discussion list submissions. Those not signed or failing certification do
> not get posted.

This method is only compatible with a very very small subset of email clients,
that support the s/mime certs.  PGP/GnuPG using the openpgp standards would
work with any email client.

On the issue of identity verification, I'm rather pleased with Harald's
proposal for dealing with that.  Publish the list, and permit challenges, that
have to provide a copy of their identification in trust to the appointed person.

- --
William X. Walsh <william@dso.net>
DSo Networks  http://dso.net/
Fax: 877-860-5412 or +1-559-851-9192
GPG/PGP Key at http://dso.net/wwalsh.gpg
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.1 (GNU/Linux)
Comment: DSo Networks

iD8DBQE4mlI88zLmV94Pz+IRAnCJAJwKzvY79eSFd/aFNaE1+iFMQtHP7ACdHP5R
+Rx/PhxcMXF6xmogfsylEyk=
=5K4M
-----END PGP SIGNATURE-----