Re: [atlarge-discuss] online voting

2002-05-17 Thread Giacomo A. Catenazzi

Steve Langasek wrote:
> On Thu, May 16, 2002 at 03:01:38PM +0200, Vittorio Bertola wrote:
>> So, to apply this system to ICANN, we would have to build the At Large
>> membership by cooptation, ie each new member would have to be
>> introduced by another one. This could be somewhat interesting, but I
>> guess it could be not open enough for our scale and purposes.
>
> Debian has chosen this particular method because it's consistent with
> our goals as a community: a PGP web of trust maps closely onto the
> relationships that have to exist among us as developers of an operating
> system.  For ICANN, I'm pretty sure that this does not apply; so
> requiring all PGP keys to be signed by someone already in ICANN is
> probably not the way to go about it.  You can choose a different method
> that provides the right balance of security and convenience for your
> organization.  You might accept PGP keys with only email verification,
> you might accept them printed out and sent by normal mail, you might
> accept keys that have been signed into the global web of trust.  Each
> approach offers a different degree of authenticity, and carries with it
> a different degree of overhead.

Debian can use PGP because the target is the developers.
I think the target of ICANN is larger (and also less technical),
thus using PGP is not an option. (People will not enter in @large or
they will use PGP in an unsecure manner, giving trust problems to
all PGP infrastructure.)

ciao
giacomo


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]




Re: [atlarge-discuss] online voting

2002-05-17 Thread Jeff Williams

Manoj and all stakeholders or interested parties,

Manoj Srivastava wrote:

> Vittorio == Vittorio Bertola [EMAIL PROTECTED] writes:
>
>  Vittorio> So, to apply this system to ICANN, we would have to build
>  Vittorio> the At Large membership by cooptation, ie each new member
>  Vittorio> would have to be introduced by another one. This could be
>  Vittorio> somewhat interesting, but I guess it could be not open
>  Vittorio> enough for our scale and purposes.
>
> Not necessarily. You could have members send in the key
>  fingerprint signed by a notary, or snail mailed with corporate letter
>  head. How _do_ you authenticate members now?

  This level and expensive measure is not necessary now.  In the US
the digital signature Act provides for digital signatures as legally
acceptable and preferable authentication for individuals.  The EU
has similar laws in most EU countries as well...

> manoj
> --
>  The likelihood of anything happening is in direct proportion to the
>  amount of trouble it will cause if it does happen.  -- Sam W. Warren
> Manoj Srivastava   [EMAIL PROTECTED]  http://www.debian.org/%7Esrivasta/
> 1024R/C7261095 print CB D9 F4 12 68 07 E4 05  CC 2D 27 12 1D F5 E8 6E
> 1024D/BF24424C print 4966 F272 D093 B493 410B  924B 21BA DABB BF24 424C


Regards,
--
Jeffrey A. Williams
Spokesman for INEGroup - (Over 121k members/stakeholders strong!)
CEO/DIR. Internet Network Eng/SR. Java/CORBA Development Eng.
Information Network Eng. Group. INEG. INC.
E-Mail [EMAIL PROTECTED]
Contact Number:  972-244-3801 or 214-244-4827
Address: 5 East Kirkwood Blvd. Grapevine Texas 75208







Re: [atlarge-discuss] online voting

2002-05-17 Thread Vittorio Bertola

On Thu, 16 May 2002 11:11:17 -0500, you wrote:

> organization.  You might accept PGP keys with only email verification,
> you might accept them printed out and sent by normal mail, you might
> accept keys that have been signed into the global web of trust.  Each
> approach offers a different degree of authenticity, and carries with it
> a different degree of overhead.

In fact, that's exactly what I am thinking of. The original ICANN
proposal was to identify people by having them register a domain name
and be listed on a WHOIS server - which was an unsecure method, costly
for the user, and easily capturable by registries and registrars
(though perhaps these were appreciable features for some of those who
drafted that proposal).

My idea for what we are doing now (which, to make it clearer for
people who are not involved directly, is building an independent
verified membership roll for ICANN that can later be used to have
elections for user representatives in the unlikely case that ICANN
will accept this, see www.icannatlarge.com) is that we should employ a
wide number of different authentication methods, not necessarily
PGP-based (as the target is much less technical). Surely using the
official certification authorities as created by law in the US and EU
and other countries would be fine, but that cannot be the only method,
as certificates are costly, not yet spread enough, and we have a
worldwide target (so we have to take developing countries into account
too). Having members introduce other members would be nice, though
there have to be strict provisions to prevent frauds. Sending scanned
images of official ID documents would be fine too, if we can prevent
people from using Photoshop (er... ok, gimp or ImageMagick) to fake
them.

Moreover, my idea is that we should decentralize this as much as
possible: you lose in safety, but the system you build is much less
subject to capture and single points of failure, and much less costly.
So I would be quite happy to accept Debian-certified individuals in
the membership, for example.
-- 
.oOo.oOo.oOo.oOo vb.
Vittorio Bertola [EMAIL PROTECTED]  Ph. +39 011 23381220
Vitaminic [The Music Evolution] - Vice President for Technology

DISCLAIMER, PLEASE NOTE: This communication is intended only for use by the
addressee. It may contain confidential or privileged information. 
Transmission, distribution and/or copy cannot be permitted. Please notify
immediately the sender by replying if you are not the intended recipient.






Re: [atlarge-discuss] online voting

2002-05-17 Thread Jeff Williams

Vittorio and all stakeholders or interested parties,

Vittorio Bertola wrote:

> On Thu, 16 May 2002 11:11:17 -0500, you wrote:
>
>> organization.  You might accept PGP keys with only email verification,
>> you might accept them printed out and sent by normal mail, you might
>> accept keys that have been signed into the global web of trust.  Each
>> approach offers a different degree of authenticity, and carries with it
>> a different degree of overhead.
>
> In fact, that's exactly what I am thinking of. The original ICANN
> proposal was to identify people by having them register a domain name
> and be listed on a WHOIS server - which was an unsecure method, costly
> for the user, and easily capturable by registries and registrars
> (though perhaps these were appreciable features for some of those who
> drafted that proposal).

  Yes this was essentially the central part of the ALSC Final Report
which was resoundingly rejected for cause...

> My idea for what we are doing now (which, to make it clearer for
> people who are not involved directly, is building an independent
> verified membership roll for ICANN that can later be used to have
> elections for user representatives in the unlikely case that ICANN
> will accept this, see www.icannatlarge.com) is that we should employ a
> wide number of different authentication methods, not necessarily
> PGP-based (as the target is much less technical).

  Many different authentication methods are available and some
are interoperable.  We have a product that we market known
as the Interface facility.  It is used predominantly for interoperability
of various security and authentication systems/methods to be used
in a compatible way.

> Surely using the
> official certification authorities as created by law in the US and EU
> and other countries would be fine, but that cannot be the only method,
> as certificates are costly, not yet spread enough, and we have a
> worldwide target (so we have to take developing countries into account
> too).

  Certificates are not costly.  Many Cert Authorities offer free or low
cost PKI another type CERTS for no cost at all.  Most others are
quite cheap and can be obtained in some 128 different countries
via a download.  The big problem with this is that a credit card
for the non-free certs is required.  Many potential At-Large
members and/or existing At-Large members would not have
a credit card to use.  Hence the At-Large would need to
become its own Cert authority issue Certs to members...

> Having members introduce other members would be nice, though
> there have to be strict provisions to prevent frauds. Sending scanned
> images of official ID documents would be fine too, if we can prevent
> people from using Photoshop (er... ok, gimp or ImageMagick) to fake
> them.

  Sending scanned documents would be a privacy concern for
many potential At-Large members and very specifically and
excessively expensive to adequately administer...

> Moreover, my idea is that we should decentralize this as much as
> possible: you lose in safety, but the system you build is much less
> subject to capture and single points of failure, and much less costly.
> So I would be quite happy to accept Debian-certified individuals in
> the membership, for example.

  Agreed, decentralization is the way to go.  Surevote provides for this
capability.  See: www.surevote.com


Regards,
--
Jeffrey A. Williams
Spokesman for INEGroup - (Over 121k members/stakeholders strong!)
CEO/DIR. Internet Network Eng/SR. Java/CORBA Development Eng.
Information Network Eng. Group. INEG. INC.
E-Mail [EMAIL PROTECTED]
Contact Number:  972-244-3801 or 214-244-4827
Address: 5 East Kirkwood Blvd. Grapevine Texas 75208







Re: [atlarge-discuss] online voting

2002-05-17 Thread James Love

I like where Vittorio is going with this, having multiple ways of being
certified for the voter rolls... the big problem will be cases where a
person turns up more than once.  I am a domain owner.  I belong to some
organizations.   How do you check to see that I vote only once?  Jamie


- Original Message -
From: Vittorio Bertola [EMAIL PROTECTED]
To: Steve Langasek [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Friday, May 17, 2002 3:57 AM
Subject: Re: [atlarge-discuss] online voting


On Thu, 16 May 2002 11:11:17 -0500, you wrote:

> organization.  You might accept PGP keys with only email verification,
> you might accept them printed out and sent by normal mail, you might
> accept keys that have been signed into the global web of trust.  Each
> approach offers a different degree of authenticity, and carries with it
> a different degree of overhead.

In fact, that's exactly what I am thinking of. The original ICANN
proposal was to identify people by having them register a domain name
and be listed on a WHOIS server - which was an unsecure method, costly
for the user, and easily capturable by registries and registrars
(though perhaps these were appreciable features for some of those who
drafted that proposal).

My idea for what we are doing now (which, to make it clearer for
people who are not involved directly, is building an independent
verified membership roll for ICANN that can later be used to have
elections for user representatives in the unlikely case that ICANN
will accept this, see www.icannatlarge.com) is that we should employ a
wide number of different authentication methods, not necessarily
PGP-based (as the target is much less technical). Surely using the
official certification authorities as created by law in the US and EU
and other countries would be fine, but that cannot be the only method,
as certificates are costly, not yet spread enough, and we have a
worldwide target (so we have to take developing countries into account
too). Having members introduce other members would be nice, though
there have to be strict provisions to prevent frauds. Sending scanned
images of official ID documents would be fine too, if we can prevent
people from using Photoshop (er... ok, gimp or ImageMagick) to fake
them.

Moreover, my idea is that we should decentralize this as much as
possible: you lose in safety, but the system you build is much less
subject to capture and single points of failure, and much less costly.
So I would be quite happy to accept Debian-certified individuals in
the membership, for example.




Re: [atlarge-discuss] online voting

2002-05-17 Thread Vittorio Bertola

On Fri, 17 May 2002 08:02:40 -0400, you wrote:

> I like where Vittorio is going with this, having multiple ways of being
> certified for the voter rolls... the big problem will be cases where a
> person turns up more than once.  I am a domain owner.  I belong to some
> organizations.   How do you check to see that I vote only once?

Identity verification mechanisms should include certification of at
least your first and last name, birth date and postal address. If all
of them match (or perhaps: first name + last name + birth date +
nationality) you should be considered to be the same person.
-- 
.oOo.oOo.oOo.oOo vb.
Vittorio Bertola [EMAIL PROTECTED]  Ph. +39 011 23381220
Vitaminic [The Music Evolution] - Vice President for Technology





Re: [atlarge-discuss] online voting

2002-05-17 Thread Sven Luther

On Fri, May 17, 2002 at 03:14:38PM +0200, Vittorio Bertola wrote:
> On Fri, 17 May 2002 08:02:40 -0400, you wrote:
>
>> I like where Vittorio is going with this, having multiple ways of being
>> certified for the voter rolls... the big problem will be cases where a
>> person turns up more than once.  I am a domain owner.  I belong to some
>> organizations.   How do you check to see that I vote only once?
>
> Identity verification mechanisms should include certification of at
> least your first and last name, birth date and postal address. If all
> of them match (or perhaps: first name + last name + birth date +
> nationality) you should be considered to be the same person.

Civil services usually use first name + last name + birth date + place
of birth, nationality not being enough to guarantee that there are no
people with the same name born in the same place. Incidentally you can
also get the birth certificate easily that way.

But then nationality may be enough for you.

Friendly,

Sven Luther
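
Added example, not part of the original thread or of any poster's code: a sketch of the duplicate check discussed above, comparing the "name + birth date + nationality" key with the "name + birth date + place of birth" key on one roll fed by several certification channels. The records, channel names and field names are constructed for illustration.

```python
import unicodedata
from collections import defaultdict
from datetime import date

# Constructed enrolment records: one membership roll fed by several
# certification channels. All people and values here are made up.
RECORDS = [
    {"id": 1, "channel": "pgp-email", "first": "José", "last": "García",
     "born": date(1970, 3, 14), "birthplace": "Sevilla", "nationality": "ES"},
    {"id": 2, "channel": "ca-cert", "first": "JOSE ", "last": "Garcia",
     "born": date(1970, 3, 14), "birthplace": "sevilla", "nationality": "es"},
    {"id": 3, "channel": "member-intro", "first": "Jose", "last": "Garcia",
     "born": date(1970, 3, 14), "birthplace": "Bilbao", "nationality": "ES"},
    {"id": 4, "channel": "scanned-id", "first": "Anna", "last": "Rossi",
     "born": date(1981, 7, 2), "birthplace": "Torino", "nationality": "IT"},
]


def normalise(text):
    """Fold case, strip accents and collapse whitespace, so that the same
    name certified through two channels compares equal."""
    decomposed = unicodedata.normalize("NFKD", text)
    no_marks = "".join(c for c in decomposed if not unicodedata.combining(c))
    return " ".join(no_marks.casefold().split())


def match_key(record, extra_fields):
    """Identity key: first name + last name + birth date + extra fields."""
    parts = [normalise(record["first"]), normalise(record["last"]),
             record["born"].isoformat()]
    parts += [normalise(record[field]) for field in extra_fields]
    return tuple(parts)


def group_duplicates(records, extra_fields):
    """Return lists of record ids that share one identity key."""
    groups = defaultdict(list)
    for record in records:
        groups[match_key(record, extra_fields)].append(record["id"])
    return sorted(ids for ids in groups.values() if len(ids) > 1)


def needs_review(records, loose, strict):
    """Groups merged by the loose key that the strict key keeps apart:
    either a real duplicate with a data-entry difference, or two people."""
    strict_key = {r["id"]: match_key(r, strict) for r in records}
    return [ids for ids in group_duplicates(records, loose)
            if len({strict_key[i] for i in ids}) > 1]


if __name__ == "__main__":
    # Nationality key: records 1, 2 and 3 collapse into one voter.
    print("nationality:", group_duplicates(RECORDS, ("nationality",)))
    # Place-of-birth key: only 1 and 2 are the same person.
    print("birthplace: ", group_duplicates(RECORDS, ("birthplace",)))
    # Disagreement between the two keys goes to a human, not auto-merge.
    print("review:     ", needs_review(RECORDS, ("nationality",),
                                        ("birthplace",)))
```

With the looser key a legitimate member (record 3) would lose their vote to a namesake; with the stricter key a single typo in the birthplace would let one person enrol twice, which is why the disagreements are queued for review rather than resolved automatically.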






Re: [atlarge-discuss] online voting

2002-05-17 Thread Giacomo A. Catenazzi

Steve Langasek wrote:

On Thu, May 16, 2002 at 03:01:38PM +0200, Vittorio Bertola wrote: 

So, to apply this system to ICANN, we would have to build the At Large
membership by cooptation, ie each new member would have to be
introduced by another one. This could be somewhat interesting, but I
guess it could be not open enough for our scale and purposes.



Debian has chosen this particular method because it's consistent with
our goals as a community: a PGP web of trust maps closely onto the
relationships that have to exist among us as developers of an operating
system.  For ICANN, I'm pretty sure that this does not apply; so
requiring all PGP keys to be signed by someone already in ICANN is
probably not the way to go about it.  You can choose a different method
that provides the right balance of security and convenience for your
organization.  You might accept PGP keys with only email verification,
you might accept them printed out and sent by normal mail, you might
accept keys that have been signed into the global web of trust.  Each
approach offers a different degree of authenticity, and carries with it
a different degree of overhead.


Debian can use PGP because the target are the developers.
I think the target of ICANN is larger (and also less tecnical),
thus using PGP is not an option. (People will not enter in @large or
they will use PGP in a unsecure manner, giving trust problems to
all PGP infrastructure.

ciao
giacomo


--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]



Re: [atlarge-discuss] online voting

2002-05-17 Thread Jeff Williams
Manoj and all stakeholders or interested parties,

Manoj Srivastava wrote:

 Vittorio == Vittorio Bertola [EMAIL PROTECTED] writes:

  Vittorio So, to apply this system to ICANN, we would have to build
  Vittorio the At Large membership by cooptation, ie each new member
  Vittorio would have to be introduced by another one. This could be
  Vittorio somewhat interesting, but I guess it could be not open
  Vittorio enough for our scale and purposes.

 Not necessarily. You could have members send in the key
  fingerprint signed by a notary, or snail mailed with corporate letter
  head. How _do_ you authenticate members now?

  This level and expensive measure is not necessary now.  In the US
the digital signature Act provides for digital signatures as legally
acceptable and preferable authentication for individuals.  The EU
has similar laws in most EU countries as well...



 manoj
 --
  The likelihood of anything happening is in direct proportion to the
  amount of trouble it will cause if it does happen.  -- Sam W. Warren
 Manoj Srivastava   [EMAIL PROTECTED]  http://www.debian.org/%7Esrivasta/
 1024R/C7261095 print CB D9 F4 12 68 07 E4 05  CC 2D 27 12 1D F5 E8 6E
 1024D/BF24424C print 4966 F272 D093 B493 410B  924B 21BA DABB BF24 424C

 -
 To unsubscribe, e-mail: [EMAIL PROTECTED]
 For additional commands, e-mail: [EMAIL PROTECTED]

Regards,
--
Jeffrey A. Williams
Spokesman for INEGroup - (Over 121k members/stakeholdes strong!)
CEO/DIR. Internet Network Eng/SR. Java/CORBA Development Eng.
Information Network Eng. Group. INEG. INC.
E-Mail [EMAIL PROTECTED]
Contact Number:  972-244-3801 or 214-244-4827
Address: 5 East Kirkwood Blvd. Grapevine Texas 75208



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]



Re: [atlarge-discuss] online voting

2002-05-17 Thread Vittorio Bertola
On Thu, 16 May 2002 11:11:17 -0500, you wrote:

organization.  You might accept PGP keys with only email verification,
you might accept them printed out and sent by normal mail, you might
accept keys that have been signed into the global web of trust.  Each
approach offers a different degree of authenticity, and carries with it
a different degree of overhead.

In fact, that's exactly what I am thinking of. The original ICANN
proposal was to identify people by having them register a domain name
and be listed on a WHOIS server - which was an unsecure method, costly
for the user, and easily capturable by registries and registrars
(though perhaps these were appreciable features for some of those who
drafted that proposal).

My idea for what we are doing now (which, to make it clearer for
people who are not involved directly, is building an independent
verified membership roll for ICANN that can later be used to have
elections for user representatives in the unlikely case that ICANN
will accept this, see www.icannatlarge.com) is that we should employ a
wide number of different authentication methods, not necessarily
PGP-based (as the target is much less technical). Surely using the
official certification authorities as created by law in the US and EU
and other countries would be fine, but that cannot be the only method,
as certificates are costly, not yet spread enough, and we have a
worldwide target (so we have to take developing countries into account
too). Having members introduce other members would be nice, though
there have to be strict provisions to prevent frauds. Sending scanned
images of official ID documents would be fine too, if we can prevent
people from using Photoshop (er... ok, gimp or ImageMagick) to fake
them.

Moreover, my idea is that we should decentralize this as much as
possible: you lose in safety, but the system you build is much less
subject to capture and single points of failure, and much less costly.
So I would be quite happy to accept Debian-certified individuals in
the membership, for example.
-- 
.oOo.oOo.oOo.oOo vb.
Vittorio Bertola [EMAIL PROTECTED]Ph. +39 011 23381220
Vitaminic [The Music Evolution] - Vice President for Technology

DISCLAIMER, PLEASE NOTE: This communication is intended only for use by the
addressee. It may contain confidential or privileged information. 
Transmission, distribution and/or copy cannot be permitted. Please notify
immediately the sender by replying if you are not the intended recipient.


--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]



Re: [atlarge-discuss] online voting

2002-05-17 Thread Jeff Williams
Vittorio and all stakeholders or interested parties,

Vittorio Bertola wrote:

 On Thu, 16 May 2002 11:11:17 -0500, you wrote:

 organization.  You might accept PGP keys with only email verification,
 you might accept them printed out and sent by normal mail, you might
 accept keys that have been signed into the global web of trust.  Each
 approach offers a different degree of authenticity, and carries with it
 a different degree of overhead.

 In fact, that's exactly what I am thinking of. The original ICANN
 proposal was to identify people by having them register a domain name
 and be listed on a WHOIS server - which was an unsecure method, costly
 for the user, and easily capturable by registries and registrars
 (though perhaps these were appreciable features for some of those who
 drafted that proposal).

  Yes this was essentially the central part of the ALSC Final Report
which was resoundingly rejected for cause...



 My idea for what we are doing now (which, to make it clearer for
 people who are not involved directly, is building an independent
 verified membership roll for ICANN that can later be used to have
 elections for user representatives in the unlikely case that ICANN
 will accept this, see www.icannatlarge.com) is that we should employ a
 wide number of different authentication methods, not necessarily
 PGP-based (as the target is much less technical).

  Many different authentication methods are available and some
are inter operable.  We have a product that we market known
as the Interface facility.  It is used predominantly for inter operability
of various security and authentication systems/methods to be used
in a compatible way.

 Surely using the
 official certification authorities as created by law in the US and EU
 and other countries would be fine, but that cannot be the only method,
 as certificates are costly, not yet spread enough, and we have a
 worldwide target (so we have to take developing countries into account
 too).

  Certificates are not costly.  Many Cert Authorities offer free or low
cost PKI another type CERTS for no cost at all.  Most others are
quite cheap and can be obtained in some 128 different countries
via a download.  The big problem with this is that a credit card
for the non-free certs is required.  Many potential At-Large
members and/or existing At-Large members would not have
a credit card to use.  Hence the At-Large would need to
become it's own Cert authority issue Certs to members...

 Having members introduce other members would be nice, though
 there have to be strict provisions to prevent frauds. Sending scanned
 images of official ID documents would be fine too, if we can prevent
 people from using Photoshop (er... ok, gimp or ImageMagick) to fake
 them.

  Sending scanned documents would be a privacy concern for
many potential At-Large members and very specifically and
excessively expensive to adequately administer...



 Moreover, my idea is that we should decentralize this as much as
 possible: you lose in safety, but the system you build is much less
 subject to capture and single points of failure, and much less costly.
 So I would be quite happy to accept Debian-certified individuals in
 the membership, for example.

  Agreed decentralization is the way to go.  Surevote provides for this
capability.  See:www.surevote.com


 --
 .oOo.oOo.oOo.oOo vb.
 Vittorio Bertola [EMAIL PROTECTED]Ph. +39 011 23381220
 Vitaminic [The Music Evolution] - Vice President for Technology

 DISCLAIMER, PLEASE NOTE: This communication is intended only for use by the
 addressee. It may contain confidential or privileged information.
 Transmission, distribution and/or copy cannot be permitted. Please notify
 immediately the sender by replying if you are not the intended recipient.

 -
 To unsubscribe, e-mail: [EMAIL PROTECTED]
 For additional commands, e-mail: [EMAIL PROTECTED]

Regards,
--
Jeffrey A. Williams
Spokesman for INEGroup - (Over 121k members/stakeholdes strong!)
CEO/DIR. Internet Network Eng/SR. Java/CORBA Development Eng.
Information Network Eng. Group. INEG. INC.
E-Mail [EMAIL PROTECTED]
Contact Number:  972-244-3801 or 214-244-4827
Address: 5 East Kirkwood Blvd. Grapevine Texas 75208



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]



Re: [atlarge-discuss] online voting

2002-05-17 Thread James Love
I like where Vittorio is going with this, having multiple ways to being
certified for the voter rolls... the big problem will be cases where a
person turns up more than one.I am a domain owner.  I belong to some
organizations.   How do you check to see that I vote only once?  Jamie


- Original Message -
From: Vittorio Bertola [EMAIL PROTECTED]
To: Steve Langasek [EMAIL PROTECTED]
Cc: debian-vote@lists.debian.org; [EMAIL PROTECTED]
Sent: Friday, May 17, 2002 3:57 AM
Subject: Re: [atlarge-discuss] online voting


On Thu, 16 May 2002 11:11:17 -0500, you wrote:

organization.  You might accept PGP keys with only email verification,
you might accept them printed out and sent by normal mail, you might
accept keys that have been signed into the global web of trust.  Each
approach offers a different degree of authenticity, and carries with it
a different degree of overhead.

In fact, that's exactly what I am thinking of. The original ICANN
proposal was to identify people by having them register a domain name
and be listed on a WHOIS server - which was an unsecure method, costly
for the user, and easily capturable by registries and registrars
(though perhaps these were appreciable features for some of those who
drafted that proposal).

My idea for what we are doing now (which, to make it clearer for
people who are not involved directly, is building an independent
verified membership roll for ICANN that can later be used to have
elections for user representatives in the unlikely case that ICANN
will accept this, see www.icannatlarge.com) is that we should employ a
wide number of different authentication methods, not necessarily
PGP-based (as the target is much less technical). Surely using the
official certification authorities as created by law in the US and EU
and other countries would be fine, but that cannot be the only method,
as certificates are costly, not yet spread enough, and we have a
worldwide target (so we have to take developing countries into account
too). Having members introduce other members would be nice, though
there have to be strict provisions to prevent frauds. Sending scanned
images of official ID documents would be fine too, if we can prevent
people from using Photoshop (er... ok, gimp or ImageMagick) to fake
them.

Moreover, my idea is that we should decentralize this as much as
possible: you lose in safety, but the system you build is much less
subject to capture and single points of failure, and much less costly.
So I would be quite happy to accept Debian-certified individuals in
the membership, for example.
--
.oOo.oOo.oOo.oOo vb.
Vittorio Bertola [EMAIL PROTECTED]Ph. +39 011 23381220
Vitaminic [The Music Evolution] - Vice President for Technology

DISCLAIMER, PLEASE NOTE: This communication is intended only for use by the
addressee. It may contain confidential or privileged information.
Transmission, distribution and/or copy cannot be permitted. Please notify
immediately the sender by replying if you are not the intended recipient.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]





-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]



Re: [atlarge-discuss] online voting

2002-05-17 Thread Vittorio Bertola
On Fri, 17 May 2002 08:02:40 -0400, you wrote:

I like where Vittorio is going with this, having multiple ways to being
certified for the voter rolls... the big problem will be cases where a
person turns up more than one.I am a domain owner.  I belong to some
organizations.   How do you check to see that I vote only once? 

Identity verification mechanisms should include certification of at
least your first and last name, birth date and postal address. If all
of them match (or perhaps: first name + last name + birth date +
nationality) you should be considered to be the same person.
-- 
.oOo.oOo.oOo.oOo vb.
Vittorio Bertola [EMAIL PROTECTED]Ph. +39 011 23381220
Vitaminic [The Music Evolution] - Vice President for Technology

DISCLAIMER, PLEASE NOTE: This communication is intended only for use by the
addressee. It may contain confidential or privileged information. 
Transmission, distribution and/or copy cannot be permitted. Please notify
immediately the sender by replying if you are not the intended recipient.


--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]



Re: [atlarge-discuss] online voting

2002-05-17 Thread Sven Luther
On Fri, May 17, 2002 at 03:14:38PM +0200, Vittorio Bertola wrote:
> On Fri, 17 May 2002 08:02:40 -0400, you wrote:
>
>> I like where Vittorio is going with this, having multiple ways to being
>> certified for the voter rolls... the big problem will be cases where a
>> person turns up more than one. I am a domain owner.  I belong to some
>> organizations.   How do you check to see that I vote only once?
>
> Identity verification mechanisms should include certification of at
> least your first and last name, birth date and postal address. If all
> of them match (or perhaps: first name + last name + birth date +
> nationality) you should be considered to be the same person.

civil services usually use first name + last name + birth date + place
of birth, nationality not being enough to guarantee that there are no
people with the same name born in the same place. Incidentally you can
also get the birth certificate easily that way.

but then nationality may be enough for you.

Friendly,

Sven Luther
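
[Added example, not part of the thread and not code from any ICANN or Debian system.] The matching rule discussed in the two messages above, run over a small voter roll: entries arriving through different channels are keyed on normalized first name + last name + birth date, plus either nationality or place of birth. The record layout, the channel-style ids and every person in the roll are constructed for illustration.

```python
import unicodedata
from collections import defaultdict
from datetime import date

def norm(text):
    """Case-fold, strip accents and collapse whitespace, so that
    'José  GARCÍA' and 'jose garcia' compare equal."""
    decomposed = unicodedata.normalize("NFKD", text)
    no_marks = "".join(c for c in decomposed if not unicodedata.combining(c))
    return " ".join(no_marks.casefold().split())

def identity_key(rec, last_field):
    """Matching key: first name + last name + birth date + one more field."""
    return (norm(rec["first"]), norm(rec["last"]),
            date.fromisoformat(rec["born"]), norm(rec[last_field]))

def duplicates(roll, last_field):
    """Return the groups of roll ids that the key treats as one person."""
    groups = defaultdict(list)
    for rec in roll:
        groups[identity_key(rec, last_field)].append(rec["id"])
    return sorted(ids for ids in groups.values() if len(ids) > 1)

# Constructed roll. domain-001 and org-417 are the same person registered
# twice (as a domain owner and through an organization); mail-093 is a
# different person with the same name, birth date and nationality.
ROLL = [
    {"id": "domain-001", "first": "José", "last": "García",
     "born": "1970-03-02", "nationality": "ES", "birthplace": "Sevilla"},
    {"id": "org-417", "first": "jose", "last": "GARCIA ",
     "born": "1970-03-02", "nationality": "es", "birthplace": "sevilla"},
    {"id": "mail-093", "first": "Jose", "last": "Garcia",
     "born": "1970-03-02", "nationality": "ES", "birthplace": "Bilbao"},
    {"id": "domain-002", "first": "Anna", "last": "Rossi",
     "born": "1981-11-30", "nationality": "IT", "birthplace": "Torino"},
]

if __name__ == "__main__":
    # Nationality merges all three Garcia entries, one of them wrongly.
    print("by nationality:", duplicates(ROLL, "nationality"))
    # Place of birth merges only the true double registration.
    print("by birthplace: ", duplicates(ROLL, "birthplace"))
```

A key that is too coarse silently removes a legitimate voter, so merges like these are better queued for manual review than applied automatically.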





Re: [atlarge-discuss] online voting

2002-05-16 Thread Vittorio Bertola

On Wed, 15 May 2002 13:27:07 -0500, you wrote:

>Hi,
>
>The current voting system is slowly getting packaged; the name
> of the package is going to be devotee (DEbian VOTE Engine). It is,
> unfortunately, not really high on my list of things to do.

In your process, how do you distribute the PGP keys? Once voters have
a key, you can be sure that the vote is theirs, but how do you
identify a new person who has to be given a key, and how do you verify
his/her identity?
(And thanks for your help)
-- 
.oOo.oOo.oOo.oOo vb.
Vittorio Bertola [EMAIL PROTECTED] Ph. +39 011 23381220
Vitaminic [The Music Evolution] - Vice President for Technology





Re: [atlarge-discuss] online voting

2002-05-16 Thread Federico Di Gregorio

On Thu, 2002-05-16 at 10:27, Vittorio Bertola wrote:
> On Wed, 15 May 2002 13:27:07 -0500, you wrote:
>
>> Hi,
>>
>> The current voting system is slowly getting packaged; the name
>>  of the package is going to be devotee (DEbian VOTE Engine). It is,
>>  unfortunately, not really high on my list of things to do.
>
> In your process, how do you distribute the PGP keys? Once voters have
> a key, you can be sure that the vote is theirs, but how do you
> identify a new person who has to be given a key, and how do you verify
> his/her identity?

a requirement for a new debian developer is to have his gpg key signed
by a full developer. we have quite a big web of trust in debian.

-- 
Federico Di Gregorio
Debian GNU/Linux Developer  Italian Press Contact  [EMAIL PROTECTED]
INIT.D Developer   [EMAIL PROTECTED]
   Don't dream it. Be it. -- Dr. Frank'n'further





Re: [atlarge-discuss] online voting

2002-05-16 Thread Vittorio Bertola

On 16 May 2002 12:02:15 +0200, you wrote:

>> In your process, how do you distribute the PGP keys? Once voters have
>> a key, you can be sure that the vote is theirs, but how do you
>> identify a new person who has to be given a key, and how do you verify
>> his/her identity?
>
>a requirement for a new debian developer is to have his gpg key signed
>by a full developer. we have quite a big web of trust in debian.

So, to apply this system to ICANN, we would have to build the At Large
membership by cooptation, ie each new member would have to be
introduced by another one. This could be somewhat interesting, but I
guess it could be not open enough for our scale and purposes.






Re: [atlarge-discuss] online voting

2002-05-16 Thread Steve Langasek

On Thu, May 16, 2002 at 03:01:38PM +0200, Vittorio Bertola wrote:
> On 16 May 2002 12:02:15 +0200, you wrote:
>
>>> In your process, how do you distribute the PGP keys? Once voters have
>>> a key, you can be sure that the vote is theirs, but how do you
>>> identify a new person who has to be given a key, and how do you verify
>>> his/her identity?
>
>> a requirement for a new debian developer is to have his gpg key signed
>> by a full developer. we have quite a big web of trust in debian.
>
> So, to apply this system to ICANN, we would have to build the At Large
> membership by cooptation, ie each new member would have to be
> introduced by another one. This could be somewhat interesting, but I
> guess it could be not open enough for our scale and purposes.

Debian has chosen this particular method because it's consistent with
our goals as a community: a PGP web of trust maps closely onto the
relationships that have to exist among us as developers of an operating
system.  For ICANN, I'm pretty sure that this does not apply; so
requiring all PGP keys to be signed by someone already in ICANN is
probably not the way to go about it.  You can choose a different method
that provides the right balance of security and convenience for your
organization.  You might accept PGP keys with only email verification,
you might accept them printed out and sent by normal mail, you might
accept keys that have been signed into the global web of trust.  Each
approach offers a different degree of authenticity, and carries with it
a different degree of overhead.

Steve Langasek
postmodern programmer





Re: [atlarge-discuss] online voting

2002-05-16 Thread Manoj Srivastava

Vittorio == Vittorio Bertola [EMAIL PROTECTED] writes:

 Vittorio So, to apply this system to ICANN, we would have to build
 Vittorio the At Large membership by cooptation, ie each new member
 Vittorio would have to be introduced by another one. This could be
 Vittorio somewhat interesting, but I guess it could be not open
 Vittorio enough for our scale and purposes.

Not necessarily. You could have members send in the key
 fingerprint signed by a notary, or snail mailed with corporate letter
 head. How _do_ you authenticate members now? 

manoj
-- 
 The likelihood of anything happening is in direct proportion to the
 amount of trouble it will cause if it does happen.  -- Sam W. Warren
Manoj Srivastava   [EMAIL PROTECTED]  http://www.debian.org/%7Esrivasta/
1024R/C7261095 print CB D9 F4 12 68 07 E4 05  CC 2D 27 12 1D F5 E8 6E
1024D/BF24424C print 4966 F272 D093 B493 410B  924B 21BA DABB BF24 424C


Re: [atlarge-discuss] online voting

2002-05-16 Thread Joost van Baal
On Thu, May 16, 2002 at 10:27:06AM +0200, Vittorio Bertola wrote:
>
> In your process, how do you distribute the PGP keys? Once voters have
> a key, you can be sure that the vote is theirs, but how do you
> identify a new person who has to be given a key, and how do you verify
> his/her identity?

This is documented on http://www.debian.org/devel/join/nm-step2 .

Bye,

Joost

-- 
   . .  http://mdcc.cx/
Joost van Baal.   .
  .   .
   . .http://logreport.org/


Re: [atlarge-discuss] online voting

2002-05-15 Thread Stephen Waters

On Tue, 2002-05-14 at 16:00, Eray Ozkural wrote:

> Last time the debian organization (www.debian.org) used a quite satisfactory
> election system. It may be worthwhile.

I wish they would package the software tabulation software (probably
some Perl scripts) they use. If I understand the procedure correctly:

Every Debian developer has:
1) an @debian.org address
2) an OpenPGP key

For the voting process: 
1) The Project Secretary emails out a ballot
http://www.debian.org/vote/howto_vote

2) Each developer PGP signs the mail and sends it to the proper address
3) Software tabulates the votes according to the Constitution
4) Project Secretary certifies the results

-sw







Re: [atlarge-discuss] online voting

2002-05-15 Thread Josip Rodin

On Wed, May 15, 2002 at 10:17:01AM -0500, Stephen Waters wrote:
> Every Debian developer has:
> 1) an @debian.org address

Well, this isn't true for some corner cases, and isn't relevant to voting.
The developers' identities are recognized using the keys with which they
sign the voting ballot, regardless of which email address they use.

-- 
 2. That which causes joy or happiness.
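
[Added example, not part of the thread and not Debian's devotee code.] A sketch of the tabulation step in the procedure above, following the point that a voter is identified by the signing key and not by the e-mail address. It assumes signatures are checked with GnuPG and that its machine-readable status output (`--status-fd`) is available for each ballot; the roll, fingerprints, addresses and status lines are constructed, and letting a later ballot replace an earlier one is an assumption of this sketch.

```python
from collections import Counter

# Constructed roll of eligible voters: primary-key fingerprint -> voter label.
KEYRING = {"A" * 40: "voter-one", "B" * 40: "voter-two"}

# GnuPG status keywords that mean the signature must not be counted.
REJECT = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG"}

def signer_fingerprint(status_text):
    """Return the signer's primary-key fingerprint, or None unless the
    status output shows exactly one good, valid signature."""
    good, valid = 0, []
    for line in status_text.splitlines():
        parts = line.split()
        if len(parts) < 2 or parts[0] != "[GNUPG:]":
            continue
        if parts[1] in REJECT:
            return None
        if parts[1] == "GOODSIG":
            good += 1
        elif parts[1] == "VALIDSIG" and len(parts) >= 3:
            fields = parts[2:]
            # Field 10, when present, is the primary key's fingerprint;
            # field 1 is the (sub)key that made the signature.
            valid.append((fields[9] if len(fields) >= 10 else fields[0]).upper())
    return valid[0] if good == 1 and len(valid) == 1 else None

def tabulate(submissions, keyring):
    """One ballot per key; the From address is kept only for the reject log."""
    ballots, rejected = {}, []
    for from_addr, status_text, choice in submissions:
        fpr = signer_fingerprint(status_text)
        if fpr is None:
            rejected.append((from_addr, "no valid signature"))
        elif fpr not in keyring:
            rejected.append((from_addr, "key not on roll"))
        else:
            ballots[fpr] = choice  # assumption: a later ballot replaces an earlier one
    return Counter(ballots.values()), rejected

def good_status(fpr):
    """Constructed status output for a good signature made by key `fpr`."""
    return (f"[GNUPG:] GOODSIG {fpr[-16:]} constructed signer\n"
            f"[GNUPG:] VALIDSIG {fpr} 2002-05-15 1021475821 0 3 0 17 2 01 {fpr}")

BAD = "[GNUPG:] BADSIG " + "1" * 16 + " constructed signer"

SUBMISSIONS = [  # (From address, gpg status output, choice read from the signed text)
    ("one@example.org", good_status("A" * 40), "option-1"),
    ("two@debian.example", BAD, "option-2"),
    ("one-at-home@example.net", good_status("A" * 40), "option-2"),
    ("two@example.org", good_status("B" * 40), "option-1"),
    ("stranger@example.com", good_status("C" * 40), "option-1"),
]

if __name__ == "__main__":
    tally, rejected = tabulate(SUBMISSIONS, KEYRING)
    print(dict(tally), rejected)
```

The choice must be read from the text GnuPG reports as signed, never from unsigned parts of the mail, or a valid signature could be attached to a ballot the voter did not write.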






Re: [atlarge-discuss] online voting

2002-05-15 Thread Eray Ozkural

On Wednesday 15 May 2002 18:17, Stephen Waters wrote:
> For the voting process:
> 1) The Project Secretary emails out a ballot
> http://www.debian.org/vote/howto_vote
>
> 2) Each developer PGP signs the mail and sends it to the proper address
> 3) Software tabulates the votes according to the Constitution
> 4) Project Secretary certifies the results

Yes. I think it also has the kind of cryptographic secrecy and openness that 
would be useful for you. I'm sure the person(s) who have designed and written 
the code will be of assistance.

Regards,

-- 
Eray Ozkural (exa) [EMAIL PROTECTED]
Comp. Sci. Dept., Bilkent University, Ankara
www: http://www.cs.bilkent.edu.tr/~erayo  Malfunction: http://mp3.com/ariza
GPG public key fingerprint: 360C 852F 88B0 A745 F31B  EA0F 7C07 AE16 874D 539C






Re: [atlarge-discuss] online voting

2002-05-15 Thread Manoj Srivastava

Hi,

The current voting system is slowly getting packaged; the name
 of the package is going to be devotee (DEbian VOTE Engine). It is,
 unfortunately, not really high on my list of things to do.

manoj
-- 
 Never buy from a rich salesman. Goldenstern
Manoj Srivastava   [EMAIL PROTECTED]  http://www.debian.org/%7Esrivasta/
1024R/C7261095 print CB D9 F4 12 68 07 E4 05  CC 2D 27 12 1D F5 E8 6E
1024D/BF24424C print 4966 F272 D093 B493 410B  924B 21BA DABB BF24 424C

