
RE: [ga] Registration process suggestion



> From: owner-ga@dnso.org [mailto:owner-ga@dnso.org]On Behalf Of Dave
> Crocker
> Sent: Saturday, February 12, 2000 1:38 PM
>
> At 05:15 PM 2/10/2000 -0800, Roeland M.J. Meyer wrote:
> > > From: owner-ga@dnso.org On Behalf Of Dave Crocker

> > > Although the formal cert developers understand the issue of certs needing
> > > to be defined carefully, so that different criteria are applied in
> > > assigning different kinds of certs, there is no large scale use
> > > of certs as a basis for distinguishing individuals.
> >
> >Actually, there is, if you go to the Thawte web-site. The question is if
>
> I did not say that no mechanisms or services existed.  I said there was no
> large-scale USE.

Without marketing/demographics data, which neither of us is privy to
(or free to publish), your statement is unsupported. I still maintain
that it is false (understood - such statement is equally unsupported).
However, you might try Forrester's.

>  In this case, large-scale refers both to numbers and
> diversity of the user base.  Thawte is fine for geeks, but the entire
> system (of which Thawte is a part) is not viable for typical, non-technical
> users.  It is far too complicated.

I think that Thawte is doing an admirable job in end-user education. More so
than Verisign is. It is a complex topic.

> > > For that matter, there is no large scale use of certs.
> >
> >Go to ANY eCommerce web-site and you will find an SSL cert, at least one.
> >You will also, on many of them, find TLS capability.
>
> Such certs are, at most, for the vendor.  Not the consumer.  A
> registration/voting system as being discussed here needs persona- (not
> email-) based certs for the users, not the providers.

I agree with the non-email requirement (email vs persona). It is also a
problem with PGP. PGP only secures the individual message. With a PKI,
it -might- also provide verification of the end-points of a communique.
However, verifying the source is light-years removed from verifying the
identity of the source. One can use PGP and still remain anonymous. What's
missing here is a determination of what an identity is defined as.

> > > For that matter, there is no large scale use of open, encryption-based
> > > authentication services.
> >
> >This is true, iff you emphasize the term "open".
>
> That is exactly the point.  ICANN participation is open.

... apples and oranges, Dave. ICANN is not a technology and authentication
services are not a would-be governance organization.

> > > And that's the problem.  All of this technology-oriented discussion, for
> > > solving the registration problem, is being conducted without attending to
> > > the raw fact that the technology has not already been deployed
> > > and used on very wide scale.
> >
> >This is false (see above).
>
> It is not false.  (See above.)

We disagree?!?!? Nahhhh....

> > > PGP advocates might disagree about large scale authentication activities,
> > > but that is an example of the problem, rather than a counter to it.  Both
> > > PGP and S/Mime are still human factors problems for average users.
> >
> >and here is another problem that I can agree with. PGP needs a PKI and is
> >not server-based. SSL/TLS is server-based, but you have to roll your own
>
> Modern PGP implementations use servers that are, effectively, the same as
> PKI servers.

I was speaking more towards TLS, in conjunction with a CSP.

--
This message was passed to you via the ga@dnso.org list.
Send mail to majordomo@dnso.org to unsubscribe
("unsubscribe ga" in the body of the message).
Archives at http://www.dnso.org/archives.html