
Re: [ga] Registration process suggestion

Roeland and all,

  Yep, this almost covers it, and is similar to your original proposal
you made to the DNSO which was foolishly rejected.  There are some
areas that can also be addressed here that I would like to add some
additional info to.  (See more below Roeland's comments/suggestions)

Roeland M.J. Meyer wrote:

> There are two problems extant.
> 1) Aliasing and masquerading, usurping someone else's email identity.
> 2) Multiple identities for the same individual.

  Exactly right.

> The first one is easily automatable.
> a) Voter registration system has PK set
> b) Voter registration system *is* a voter CA.
> 1) Voter generates/obtains x.509 key set (see your local CA)
> 2) Voter submits registration form along with public key and CRL.
> 3) System returns, via email, voter CA certificate.

  Yep, this addresses both problems actually.  More on that below...

> All further email, both ways must be signed, after this point, including ALL
> discussion list submissions. Those not signed or failing certification do
> not get posted.
>
> The second one is more difficult. There is no way that I can see, where we
> can automate this. A human MUST be involved in the registration process to
> investigate any possible duplicates. It is altogether too easy, for those of
> us who are our own ISP, to generate multiple identities. Also, there are
> those who use AOL, Hotmail, Juno, and other free email accounts, often
> multiple times. Not to mention the separate business and personal email
> identities that almost all of us HAVE to have, in order to abide by
> corporate mail usage policies.

  This can be addressed with Level 2 Certs or digital IDs.  Those are only
issued to verifiable individuals.

> A naive system would simply ask for all known email addresses at the time of
> registration and have some sort of updating mechanism. However, there is
> that dishonorable 1% that would abuse such a naive system, simply because
> they can. We already have clear examples of that.
>
> A bright note here is that I just finished dealing with this problem on a
> user profiling system for a LARGE web-site, using BroadVision's profiling
> mechanism, under Solaris v2.6. It is not a 100% solution, but it covers a
> lot of the required ground. The problem is that a BV license is >$100K. If
> you don't think that marketing orgs worry about multiple entries in their
> demographics data, you are wrong.

Jeffrey A. Williams
Spokesman INEGroup (Over 95k members strong!)
CEO/DIR. Internet Network Eng/SR. Java/CORBA Development Eng.
Information Network Eng. Group. INEG. INC.
E-Mail jwkckid1@ix.netcom.com
Contact Number:  972-447-1894
Address: 5 East Kirkwood Blvd. Grapevine Texas 75208
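
The registration flow quoted above (system as voter CA, voter submits a public key, all later mail must be signed or it is not posted), sketched as an added example that is not part of the original thread. It assumes the OpenSSL command line and S/MIME as the signing format; the names, addresses and message are constructed, the CRL from step 2 is not modelled, and the check that the certificate's address matches the claimed sender is an added assumption aimed at problem 1.

```shell
#!/bin/sh
# Added example; every name, address and message below is constructed.
set -eu
WORK=$(mktemp -d)

# (a)/(b): the registration system holds a key pair and acts as the voter CA.
setup_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Example Voter CA" \
    -keyout "$WORK/ca.key" -out "$WORK/ca.pem" 2>/dev/null
}

# Steps 1-3: the voter generates a key pair and submits the public half (as a
# CSR); the CA returns a certificate bound to the voter's e-mail address.
register_voter() {  # $1 = name, $2 = e-mail address
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$1/emailAddress=$2" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/$1.csr" -CA "$WORK/ca.pem" -CAkey "$WORK/ca.key" \
    -CAcreateserial -days 30 -out "$WORK/$1.pem" 2>/dev/null
}

# An unregistered sender whose self-signed certificate names someone else's address.
self_issue() {  # $1 = name, $2 = e-mail address claimed
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$1/emailAddress=$2" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

sign_post() {  # $1 = signer name, $2 = message file, $3 = signed output
  openssl smime -sign -in "$2" -signer "$WORK/$1.pem" -inkey "$WORK/$1.key" \
    -out "$3" 2>/dev/null
}

# List gateway: post only if the signature verifies, the signer certificate
# chains to the voter CA, and its address matches the claimed sender.
accept_post() {  # $1 = message file, $2 = claimed From address
  openssl smime -verify -in "$1" -CAfile "$WORK/ca.pem" \
    -signer "$WORK/signer.pem" -out /dev/null 2>/dev/null || return 1
  [ "$(openssl x509 -in "$WORK/signer.pem" -noout -email)" = "$2" ]
}

setup_ca
register_voter alice alice@example.org
self_issue mallory alice@example.org
printf 'I second the motion.\n' > "$WORK/msg.txt"
sign_post alice "$WORK/msg.txt" "$WORK/good.eml"
sign_post mallory "$WORK/msg.txt" "$WORK/forged.eml"
sed 's/second/oppose/' "$WORK/good.eml" > "$WORK/tampered.eml"
for m in good.eml forged.eml tampered.eml msg.txt; do
  if accept_post "$WORK/$m" alice@example.org; then echo "$m: post"; else echo "$m: drop"; fi
done
```

Only `good.eml` is posted. None of this addresses the second problem in the thread: the same person can still register several key pairs under different addresses.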