[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [ga] Registration process suggestion
Roeland and all Assembly Members,
I tend to agree with most of what you outline nicely here Roeland.
I am not sure that the DNSO can or will see this as viable for them to
engage in or implement for several fairly obvious reasons. Cost, being
one of these reasons.
I would say that the DNSO NC was very well aware of this before the
last two "Illegitimate Voting Attempts" which they have decidedly allowed
to stand, did not consider adequately. This was a very bad mistake and
in part has lead to the DNSO GA to serious ill repute of which it has
yet to address.
Roeland M.J. Meyer wrote:
> There are two problems extant.
> 1) Aliasing and masquerading, usurping someone else's email identity.
> 2) Multiple identities for the same individual.
> The first one is easily automatable.
> a) Voter registration system has PK set
> b) Voter registration system *is* a voter CA.
> 1) Voter generates/obtains x.509 key set (see your local CA)
> 2) Voter submits registration form along with public key and CRL.
> 3) System return, via email, voter CA certificate.
> All further email, both ways must be signed, after this point, including ALL
> discussion list submissions. Those not signed or failing certification do
> not get posted.
> The second one is more difficult. There is no way that I can see, where we
> can automate this. A human MUST be involved in the registration process to
> investigate any possible duplicates. It is altogether too easy, for those of
> us whom are our own ISP, to generate multiple identities. Also, there are
> those who use AOL, Hotmail, Juno, and other free email accounts, often
> multiple times. Not to mention the separate business and personal email
> identities that almost all of us HAVE to have, in order to abide by
> corporate mail usage policies.
> A naive system would simply ask for all known email addresses at the time of
> registration and have some sort of updating mechanism. However, there is
> that dishonorable 1% that would abuse such a naive system, simply because
> they can. We already have clear examples of that.
> A bright note here is that I just finished dealing with this problem on a
> user profiling system for a LARGE web-site, using BroadVision's profiling
> mechanism, under Solaris v2.6. It is not a 100% solution, but it covers a
> lot of the required ground. The problem is that a BV license is >$100K. If
> you don't think that marketing orgs worry about multiple entries in their
> demographics data, you are wrong.
Legal and Policy Advisory Council,
NetZero - Defenders of the Free World
Get your FREE Internet Access and Email at