Re: [ga] |Going forward towards a Registrant's Constituency

["Jeffrey A. Williams" <jwkckid1@xxxxxxxxxxxxx>]

Sotiris and all,

  I also voted in the 2000 ICANN election and still have a copy
of my ballot framed in my business office.  However many that
sent in ballots did not have their ballots counted, and more still
never recieved ballots for various reasons.  Hence that method of
identity verifying was poor at best.  

  Second, CERT authorities have had a bad reputation for a number
of years now and the USG currently is struggeling with that currently.
As I have it on fairly good authority the Canadian Government also
has been having trouble with these CERT authorities and many have
had their authorities either suspended or removed entirely.  This growing
problem also seems to be spreading throughout the EU, Russia, China,
and other pacific rim smaller nations of which some don't even have
one such licensed CERT authority currently.  Therefore although your idea
seems on the serface to be a good one, the problems associated are
still yet too great for 'All interested parties' to fairly participate
in the manner you are suggesting.

  Sotiris, can you tell us all when hermesnetwork.com's DNS is going
to get a SPF record specified?  I am sure that you don't want to
promote SPAM, right?
See: 
http://www.dnsstuff.com/tools/dnsreport?domain=hermesnetwork.com&format=raw&loadresults=true&token=2461f4cab32d5a243c03d5032a1d101b

  BTW, I believe we have been down this path before and the below
refrences represent only a few of the 'Reported' instances of CERT
fraud, and bogus CERTS.  So I along with many of my IT security
professionals are certainly not buying into the Marketing Jargon
that Digital Certs are a panacia, or even that they can long term,
if at all, provide for positive authentication.

Refrences:
http://www.gerv.net/security/improving-authentication/
http://www.mydigitallife.info/2009/01/01/researchers-crack-ssl-by-phishing-and-spoofing-digital-certification-authority-ca/
http://support.microsoft.com/kb/293818
http://www.maximumpc.com/article/news/researchers_successfully_spoof_ssl_digital_certificates_with_a_fleet_ps3s
http://lists.virus.org/isn-0011/msg00048.html
http://news.techworld.com/security/3468/ssl-security-aiding-online-fraud/
http://www.issociate.de/board/post/463434/How_to_tell_a_fake_SSL_certificate_from_a_real_one.html
http://blog.washingtonpost.com/securityfix/2006/02/the_new_face_of_phishing_1.html
http://www.internetnews.com/ec-news/article.php/2232421/PayPal-Scam-Site-Using-Legit-SSL.htm
http://articles.techrepublic.com.com/5100-10878_11-5033191.html  Note: I have 
run across this
one on more occasions than I can recall.  Too many! >:(
http://www.dslreports.com/forum/r21708037-I-just-got-owned-fraudulent-SSL-Cert-Comodo


-----Original Message-----
>From: sotiris@xxxxxxxxxxxxxxxxx
>Sent: May 20, 2010 1:45 PM
>To: ga@xxxxxxxxxxxxxx
>Subject: [ga] |Going forward towards a Registrant's Constituency
>
>
>First, let's thank Joop for offering up the IDNO charter for us to use as
>a basis for an RC charter.
>
>Next, let's get one piece of fundamental business out ofthe way. When i
>voted in the ICANN 2000 AtLarge election, it was only after my identity
>had been verified and a letter had been sent to my physical address with
>my acct/password info for voting day. In order for us to move forward on
>creating an RC we need to VERIFY that the prospective membership is who
>they say they are. Fortunately, there are many options available for us
>today. My preference would be for a digital certificate. Does anyone have
>any problem with being required to provide proof of one's identity in
>order to participate in a Registrant's Constituency? If anyone does have a
>problem, the solution is simple, they can form their own constituency of
>non-identities. I am willing to put the work into an RC but only with
>other verified individuals. So, who's willing to join me in this
>endeavour?
>
>Sotiris Sotiropoulos
>
Regards,

Jeffrey A. Williams
Spokesman for INEGroup LLA. - (Over 294k members/stakeholders and growing, 
strong!)
"Obedience of the law is the greatest freedom" -
   Abraham Lincoln

"Credit should go with the performance of duty and not with what is very
often the accident of glory" - Theodore Roosevelt

"If the probability be called P; the injury, L; and the burden, B; liability
depends upon whether B is less than L multiplied by
P: i.e., whether B is less than PL."
United States v. Carroll Towing  (159 F.2d 169 [2d Cir. 1947]
===============================================================
Updated 1/26/04
CSO/DIR. Internet Network Eng. SR. Eng. Network data security IDNS. div. of
Information Network Eng.  INEG. INC.
ABA member in good standing member ID 01257402 E-Mail jwkckid1@xxxxxxxxxxxxx
Phone: 214-244-4827