On Sat, Jan 16, 1999 at 11:59:06PM +0000, Jim Dixon wrote:
> On Sat, 16 Jan 1999, Kent Crispin wrote:
>
> > > Things would move much closer to practicality if rather than tying
> > > votes to the elusive individual you tied them to either domain names
> > > or IP address space.
> >
> > The most straightforward thing is to tie them to an email address at
> > registration time. When the voter is identified at registration,
> > they must supply an email address as their voting address -- in
> > fact, registration is essentially the process of binding an
> > individual or an organization to an email address.
> >
> > While some email headers can be spoofed easily, it is actually very
> > difficult to create a really good forgery, with complete delivery
> > information. And a public rollcall vote, with every vote posted on a
> > public web, would be extremely resistant to voter fraud -- easily as
> > strong as a physical mail based system
>
> I think that we have different scales in mind.
Sure -- the max total attendance of the IFWP and all other
proceedings associated with ICANN is maybe 2500. I am not concerned
with trying to do larger scale elections, or elections suitable for
public elections in large principalities. If your argument is based
on such elections, then let's not pursue it any further -- I don't
consider them relevant to the case at hand. What I am interested in
is essentially equivalent to a corporate stockholder vote, normally
conducted by mail, but instead conducted by email.
> In actual fact, for anyone with reasonable resources (like a sovereign
> government, for example), forging massive numbers of votes is easy.
> And, as you must know, creating email accounts is trivial.
Perhaps your reference isn't clear. Do you think it would be easy,
for example, for a sovereign government to forge the votes necessary
to take over a middle size corporation -- say Netscape? If so, why
haven't they done it? If not, why not?
In reading over your post, I'm not sure what you are getting at. If
you mean that email alone is not a proof of individual identity, of
course that is true, and I was never suggesting that email be used
as a proof of identity. You prove identity with a birth
certificate, or some other document. *After* you have proved
identity you have that identity supply you with a valid email
address, which is recorded in the member database as the email
address of a member.
> If I run the Bristol telephone book through a scanner and generate
> 500,000 or so email addresses, how to you propose to decide which
> email address is "real" and which isn't?
I don't care -- not a single one of those addresses is in my list of
approved email addresses, bound to actual registered voters whose
identity I have laboriously established by sending a private
investigator to check their birth certificates (I'm not suggesting
that we do that -- I am pointing out through example that the
validation of identity is completely independent of the transport
mechanism used for conveying the votes.)
> Another example: Freeserve, a new UK ISP, has signed up a million
> or so subscribers in the last few months. [Apologies to Freeserve,
> this is just an example! no offense intended...] Let's say that
> they chose to sign up their entire subscriber base. It would be
> trivial for them to forge subscriptions from all of them and then
> intercept all relevant correspondence coming back to these
> subscribers. The headers and all would be perfect. Focus on the
> principles, please: how do we prevent this sort of mass forgery?
It isn't a problem. We are not concerned about the existence of fake
email addresses; we are only concerned about the possibility of being
able to forge mail from non-fake addresses that exist in our list of
valid voting addresses. Forging mail from a legitimate address can
be done, but such forgeries can almost always be detected by someone
who knows how to read the headers. Really good forgeries are much
harder to do.
[...]
> > Oh -- are you looking for some kind of automatic binding of the form
> > "every individual who 'owns' an IP address gets a vote"?
>
> No, I am trying to arrive at a simple scheme for identifying real
> people at reasonable cost, one that scales up to the size of the
> Internet. And at the same time I am trying to tie the right to
> vote to some minimal understanding of the Internet.
Ah. I agree -- email is totally inadequate as a *primary* means of
identification. However, once a valid identity has been established
through some other means, a binding between that identity and an
valid email address can easily be made.
> If we say "one vote per email address", then the cost of forging names
> hovers around zero.
Indeed.
> If we say "one vote per registrant", then the cost of acquiring a vote
> for an imaginary person is $70 at NSI.
Right.
> Limiting votes to people who are the admin contacts for IP blocks makes
> it considerably more difficult to acquire a vote. Also, such people are
> likely to have a real interest in the Internet. And the process of
> acquiring address space from one of the RIRs is sufficiently fuzzy to
> make it difficult to automate.
Up front limiting of the vote to those who are "qualified" or who
"have a real interest in the Internet" is not politically feasible.
Nor is it really necessary, in my opinion, for reasons I
will point out below...
[...]
> > Is that software available?
>
> Sure. As it is, the software is modified by hand for each election (by
> me), but it would not be difficult to make it table driven. However,
> it's Perl code; this and other factors limit its scaleability. My guess
> is that it could be modified to handle elections with say 10,000 voters.
> Above that I would redesign the software and rewrite it in C.
I very seriously doubt we will ever get much above 2000.
> > Once people learn how truly boring all the ICANN stuff is going to
> > be I expect interest to dwindle dramatically.
>
> With that I am in the most whole-hearted agreement.
That's the reason...
--
Kent Crispin, PAB Chair "Do good, and you'll be
[EMAIL PROTECTED] lonesome." -- Mark Twain
__________________________________________________
To receive the digest version instead, send a
blank email to [EMAIL PROTECTED]
To SUBSCRIBE forward this message to:
[EMAIL PROTECTED]
To UNSUBSCRIBE, forward this message to:
[EMAIL PROTECTED]
Problems/suggestions regarding this list? Email [EMAIL PROTECTED]
___END____________________________________________
