RE: [ga] Registration process suggestion

At 05:15 PM 2/10/2000 -0800, Roeland M.J. Meyer wrote:
> > From: owner-ga@dnso.org On Behalf Of Dave Crocker
>I believe that this is exactly what I proposed. Yet, you claim it is not
>viable. Yet, you are proposing it here, or are you only summarizing?


> > Although the formal cert developers understand the issue of certs needing
> > to be defined carefully, so that different criteria are applied in
> > assigning different kinds of certs, there is no large scale use
> > of certs as a basis for distinguishing individuals.
>Actually, there is, if you go to the Thawte web-site. The question is if

I did not say that no mechanisms or services existed.  I said there was no 
large-scale USE.  In this case, large-scale refers both to numbers and 
diversity of the user base.  Thawte is fine for geeks, but the entire 
system (of which Thawte is a part) is not viable for typical, non-technical 
users.  It is far too complicated.

> > For that matter, there is no large scale use of certs.
>Go to ANY eCommerce web-site and you will find an SSL cert, at least one.
>You will also, on many of them, find TLS capability.

Such certs are, at most, for the vendor.  Not the consumer.  A 
registration/voting system as being discussed here needs persona- (not 
email-) based certs for the users, not the providers.

> > For that matter, there is no large scale use of open, encryption-based
> > authentication services.
>This is true, iff you emphasize the term "open".

That is exactly the point.  ICANN participation is open.

> > And that's the problem.  All of this technology-oriented discussion, for
> > solving the registration problem, is being conducted without attending to
> > the raw fact that the technology has not already been deployed
> > and used on very wide scale.
>This is false (see above).

It is not false.  (See above.)

> > PGP advocates might disagree about large scale authentication activities,
> > but that is an example of the problem, rather than a counter to it.  Both
> > PGP and S/Mime are still human factors problems for average users.
>and here is another problem that I can agree with. PGP needs a PKI and is
>not server-based. SSL/TLS is server-based, but you have to roll your own

Modern PGP implementations use servers that are, effectively, the same as 
PKI servers.


Dave Crocker
Brandenburg Consulting  <www.brandenburg.com>
Tel: +1.408.246.8253,  Fax: +1.408.273.6464
675 Spruce Drive,  Sunnyvale, CA 94086 USA

Gong Xi Fa Cai   /  Selamat Tahun Baru Cina

