[chapter-delegates] DNS, hosting and the spirit of the Internet v1.2

Fri Mar 18 17:17:47 PST 2005

Dear James,

My answers to your email are indicated by: =>

----------------------

It is wonderful that ISOC Quebec has the members to donate the resources and
services you need.

=> I think all countries have them. At IF2002, we had the president of the
greatest (if not only...) telecom corporation of Morocco also the
representant of his country's ISOC chapter. I'm sure that they collaborated.
The only contries that may experience problems for this are the ones where
human rights altogether are a problem (ex: China) or where money rules all,
but then again, isn't Microsoft a platinum ISOC member? So you see, it's all
a question of mentality. If ISOC is seen as the "mother" org of the
Internet, then corporations will feel it is an honour to help out (and will
be proud of stating they did so...)

As you suggest, ISOC should provide complementary services, that is, DNS and
web hosting for those Chapters that do not have other means to get them.

=> Right! It's about helping without imposing your will...

We are going to consider how to do this, although it will have to wait

=> I'm sure you're doing your best.

There are at least two issues to consider.  First, before a global member
ID can be used as a "voting identifier", when it is issued we need to
confirm that it is being issued to a real person.

=> I'm thinking here of the "3 way handshake" principle (loosely
adapted...):
1) ISOC-HQ registers a member in their global db
2) A chapter gets the info and sends back a confirmation to HQ that the
member is valid (say upon presentation of local ID cards like drivers
licence
3) Member gets a central ID access to his/her profile on ISOC database and
thus is allowed to vote on issues.

=> This is not difficult to implement. All you need is a server, an SSL key
and a willing programmer. Think open source... Start a sourceforge
project...

This can not be accomplished in email because people can have more than one
email
=> Which is why a chapter would verify members IDs...

we need a way to validate that the process is working.  I have do not have a
suggestion for how to do that.
=> How about sending a photocopy of ID cards / faxing, etc. I'm sure even in
the developing countries, there's a way of checking ID. And in the places
too unstable politicaly or at war, I'm expecting the Internet would be the
least of the citizens' problems...

Second, we need to consider how to accept the votes and ensure that those
voting are doing so of their own free will.
=> That's the interesting part of the "3 way handshake" principle. If the
local chapter only confirms the person's ID and email, and then ISOC-HQ
delivers the login / password, then people will be voting as they please and
in confidentiality.

Accepting the votes can be supported in various ways.  However, how do we
ensure that whoever is submitting the vote is really the person who has the
ID being used?
=> Again, it's the "3 way handshake" principle. You can't vote for someone
else since you've got your login / password. Now, of course, security is
always relative to how hard it gets to cheat compared to the value of
cheating. But I think it's more worth the trouble for someone to get some
tourist's PIN from a bank card than to steal 1 vote out of 20 000, wouldn't
you think? Someone on the list mentioned that ISOC isn't like electing the
president of US. Likewise...

----------------------

Regards,

Eric Alloi

=====================