RE: [ALSC-Forum] Authentication Technology -- Please try it out

[Judith Oppenheimer]

> We've been working on a paper to formally ask the cctlds and
> gtlds what
> we're precisely asking them to do, we're almost there, but
> response so far
> as been low.

Since I'm not sure who "we" is - is the cctld At Large participation tied
in any way, to the cctld signing a contract with ICANN?

---------------------------------------------------------------------------
----------
Judith Oppenheimer
http://JudithOppenheimer.com
http://ICBTollFreeNews.com
212 684-7210, 1 800 The Expert
---------------------------------------------------------------------------
----------

> -----Original Message-----
> From: owner-forum@www.atlargestudy.org
> [mailto:owner-forum@www.atlargestudy.org]On Behalf Of Mr. Pindar Wong
> Sent: Thursday, February 21, 2002 12:04 PM
> To: Adam PEAKE
> Cc: forum@atlargestudy.org
> Subject: Re: [ALSC-Forum] Authentication Technology -- Please
> try it out
>
>
>
> Hi Adam,
>
> Thanks for this, pls. see my quick comments below as I've to pack for
> Australia (among other things to do this evening ...
> including 'eat' ).
>
> ----- Original Message -----
> From: "Adam PEAKE" <pja@glocom.ac.jp>
>
> > Are you saying that registrars are willing to handle the fees people
> > will pay for membership: on top of the charge for the
> domain name, they
> > will separate a stream of money from the individual to ICANN (ALM).
> > They will aggregate, do the currency conversion and send to whatever
> > bank account ICANN or the ALM organization specifies?
> >
> > If so, how many ICANN accredited registrars have agreed to
> this?  How
> > many ccTLDs have agreed to this?
>
> I believe the operative word is *could*.
>
> Regardless if one agrees/disagrees with the Individual
> Domain Name holding
> criteria, which IMHO depends on you view of what ICANN does,
> it seemed to us
> that there already exists a globally distributed
> infrastructure which might
> be, pardon the word ... exploited (and was relevant to what
> ICANN does and
> to which ICANN has potential access to -- i.e. the gtld and
> cctld registries
> and registrars).
>
> Therefore why not use this infrastructure as the initial one
> for operations.
>
> It's global and it's there.
>
> From a financial perspective, many of the At Large activities would
> constitute an incremental cost to them -- and in our view,  keeping
> membership dues as low as practical was appealing.
> Furthermore, one can
> lower the costs by various forms of aggregation (to keep the
> per unit costs
> of financial transfers as low as possible, lower the need to
> understanding
> how the international funds transfer infrastructure works to
> make a payment
> (e.g. TT's), not necessitate the use of a credit card, enable
> other kinds of
> payment (in the worst case... cash).
>
> Other useful aspects other than financial clearing are:-
>
> Outreach -- Use of their publicity infrastructure (to make
> their existing
> and prospective domain name holders aware of the At large,
> its purpose etc.)
> Outreach in local language and local customs.
>
> Obviously the gtld/cctld registries and registrars would be
> concerned that
> messages that go out on behalf or the At Large would be carefully
> controlled, they won't be overwhelmed with customer support
> questions about
> At Large (this may not be a good problem for them, but its a
> 'good' problem
> to have for the at large (i.e. lots of members?)
>
> We've been working on a paper to formally ask the cctlds and
> gtlds what
> we're precisely asking them to do, we're almost there, but
> response so far
> as been low.
>
> I guess it's really a question if the leading  registries and
> registrars see
> the value in the at large (e.g. ICANN's stability etc.) and,
> in the end,
> take the initiative to step up to plate and volunteer.
>
>
> > One advantage of the domain name holder idea seems to be that the
> > registrar would handle the money and so remove the problems of
> > transaction costs and other out of pocket expenses,
> significant problems
> > with the fee system (at least for those without credit cards.)
>
> Yup... see above.
>
> >
> > But I think we agree that transferring money (credit card, wire
> > transfer, etc.) will generally provide as much information to help
> > identify a member as the domain name registration system
> (at the present
> > time.)
>
> agreed ... that's if you require all users to pay money. If
> you don't then
> you loose this ability to authenticate. If you don't require
> folks to pay
> money then minimally you need to deter abuse and automated fraud.
>
> Other mechanisms  that we're thinking about are those that involve
> technologies that try to ensure that there's a living human
> being at the end
> of the line (ideally one that doesn't involve hardware. low
> training costs
> etc.) e.g. one currently under consideration is  the
> passface technology
> (flame away ;)
>
> Essentially we're minimally try to ensure that there's a
> person at the end
> of an email address and that the costs of automated fraud
> would be high
> enough to be a deterrent and furthermore could  be detected
> before 'damage
> is done'.
>
> Also those mechanisms that avoid you having to  make up any
> magic numbers
> (i.e. arbitrary thresholds).
>
> >Paying money is also an indication of demonstrable interest (and
> > I note you say creating informed participation is as
> important as any
> > election, and you do not require a domain name to
> participate, just to
> > vote.)
>
> Correct ...  payment is an indication of demonstrable
> interest (may not be
> the only one) -- hence me trying to pass around the virtual
> hat, asking for
> pledges etc. (USD 12,000 and counting)
>
> Personally... i repeat... personally... I believe that
> creating the informed
> participation is actually *more* important than the election
> (which occurs
> only periodically).
>
> > So unless there is near universal agreement among registrars
> > (ICANN accredited and ccTLDs) to handle the fees for the
> individual I
> > don't see how domain name holder model adds value?
> > It might be one more
> > option for registration and expression of interest, but
> does not seem
> > suitable as the default entry requirement to voting rights.
>
> There is also the touchy questions of who one considers to be an ICANN
> 'stakeholder' and what is the 'public interest ICANN' as I've tried to
> indicate.
>
> Again, depending on your view of what ICANN is, you will have
> different
> answers to both questions. If you ask 10 people what ICANN is, you'll
> probably get 11 answers ;)
>
> Nevertheless, access to the TLD infrastructure is valuable
> and one might not
> need all of the cctld and ICANN accredited registrars initially to get
> access to a representative sample of  *existing* individual
> domain name
> holders ( mostly currently in the gtld space -- the addition
> of .name is a
> new twist). {note:  If a cctld does not encourge/offer domain
> names to be
> held by individuals, that individual is theoretically able to
> register in
> another part of the namespace. The same cctld, while not
> offering IDNs, may
> contribute to At Large outreach (at large registration and
> outreach aren't
> mutually exclusive)
>
> Hence the real question about access to the existing
> composition of today's
> individual domain name holders is getting access to the
> existing gtld space
> that allow them and not all of the TLDS (cctld and gtlds) as one might
> think.
>
> Recognising that although access to the TLD infrastructure is
> a nice , it is
> by no means, universal from day one -- led us to consider the
> domain name+
> concept. i.e. IDNHs and other mechanisms that can be found to
> meet the core
> three aspects of (demonstrable interest, authentication and payment).
>
> Here one can imagine elements to a number of scenarios
>
> 1) email account holder who subscribes to an ICANN-related
> mailing list
> (e.g. one in local langauge run by a cctld/ISOC chapter)
> 2) someone who walks in, shows-up to a certain place (e.g.
> ISOC chapter,
> university, local ISP etc.)
> 3) email account holder who completes an online process to
> register, then
> *pays* to send ICANN/ALSO a sealed *handwritten* envelope
> (distributes the
> financial burden of postage from ICANN to the At Large member, minimal
> payment is for paper + postage, gets around the problem of a
> badly formed
> postal address (i.e. return to sender posts), unfortunately
> requires the
> person to be able to know how to write.
> 4) other ways that one hasn't had the brainpower to think of.
>
> Obviously all of this will evolve over time.
>
> Certainly all the TLDS (both cctlds and gtlds) can assist
> with At large
> outreach. Minimally a link on their homepage and/or providing
>  some local
> language mailing lists for discussing ICANN or At Large issues.
>
>
> >
> > And of course the domain name holder model still has problems with
> > equity (developing nations), with definition of individual
> (most names
> > are hold by businesses), with the different registration
> practices among
> > ccTLDs (some have encouraged individual registrations, some have
> > restricted/prevented), with timing/registration cycles. Focusing a
> > membership around domain names would likely shift the
> organization even
> > further away from the issues of the ASO/PSO. During the White Paper
> > process many of us wondered if it was a good idea to lump
> the stable and
> > well function IP registry and protocol actives of IANA with the
> > controversial, politicized problems of domain names (I don't mean to
> > teach you to suck eggs...)  It bothers me that domain name
> holding as
> > entry point to membership will make things worse in this regard.
>
> Indeed... and their are other issues as well.
>
> It's certainly not a perfect system (far from it), but its a starting
> point -- doesn't necessarily have to be the only one (again,
> depending on
> your view of who is a 'stakeholder' and what constitutes the 'public
> interest in ICANN')
>
> Given all the confusion, FUD about ICANN, what it is really
> about ( a today
> worry), what it *could* evolve into (a tomorrow worry)  etc.,
> I would argue
> that it would be prudent to adopt as wide a criteria as
> possible that can
> revolves around the 3 criteria (demonstrable interest, authentication,
> payment ) -- since there's no agreement on
> (stakeholder/public interest).
>
> Cheers Adam ...
>
> and by the way... although you've certainly contributed alot
> of sweat equity
> (your time) ... what can I put you down for as a pledge (and
> beer doesn't
> count ;)
>
> p.
>
> PS: I really beginning to hate instant noodles.
>
> >
> > Kind regards,
> >
> > Adam
> >
> >
> >
> >
> > > * that collection of membership dues will enable a stable
> ALSO that will
> > > have resources to encourage informed participation
> (ideally from a much
> > > wider audience)
> > > * that such collection of membership dues can create
> greater confidence
> in
> > > membership uniqueness
> > > * that financial clearing can be done in a currency that is most
> convenient
> > > * that effective participation mechanisms  within a local internet
> community
> > > are encouraged
> > > * that there is the possibility of having local resources
> that have some
> > > clue as to what the DNS, IP addresses, protocol
> identifiers are all
> about
> > > * that membership dues might be able to be contained and
> reasonable
> > > * that familiar distributed database and registration
> technologies used
> in
> > > the DNS can also be used to help create the electoral
> roll  (effectively
> a
> > > voting registry) (e.g. using whois, EPP etc.)
> > > * that stands some chance of actually being implementable
> > >
> > > This is, of course, assuming that the TLD registries and
> registrars
> actually
> > > buy into this whole process and what we are talking about is
> implementating
> > > a global At Large Membership of a non-trivial size.
> > >
> > > Does this mean that using Individual Domain Name Holders
> should be the
> > > *only*  entry point into the At Large Membership?
> > >
> > > This again  really depends on what your view of what
> ICANN is actually
> all
> > > about ( I guess the 'root' of the problem ;) -- and
> perhaps, as others
> have
> > > argued,  ICANN needs to further clearly limit what
> activities it engages
> in
> > > (using 'picket fences' or whatever ...)
> > >
> > > Nevertheless, as Carl mentioned at the ICANN AGM, we
> continue to look
> for
> > > other mechanisms that can constitute 'domain name plus'.
> > >
> > > i.e. while it may be debateable what constitutes a
> 'stakeholder' and
> what is
> > > 'the public interest in ICANN' depending on your view of the ICANN
> world,
> > > other mechanisms should address issues of
> > >
> > > 1) Demonstrable Interest
> > > 2) Authentication
> > > 3) Payment
> > >
> > > Using Individuals Domain Name Holders is a starting point
> ... it may not
> > > necessarily have to be the only one... given the
> confusion of what ICANN
> is
> > > all about.
> > >
> > > Cheers,
> > >
> > > p.
> > >
> > > ----- Original Message -----
> > > From: "Eric Dierker" <eric@hi-tek.com>
> > > To: "Bruce Young" <Bruce@barelyadequate.info>
> > > Cc: "Denise Michel ALSC" <dmichel@atlargestudy.org>;
> > > <forum@atlargestudy.org>
> > > Sent: Sunday, February 17, 2002 11:48 AM
> > > Subject: Re: [ALSC-Forum] Authentication Technology --
> Please try it out
> > >
> > > >
> > > > Let us make damn sure that the ALSC understands this question.
> > > >
> > > > What is your primary reason for suggesting that domain name
> registration
> > > has
> > > > any thing to do with voting in the At-Large?
> > > >
> > > > And what is your reasoning behind that decision?
> > > >
> > > > Sincerely,
> > > > Eric
> > > >
> > > > Bruce Young wrote:
> > > >
> > > > > Denise wrote:
> > > > >
> > > > > >The financial transaction accompanying a domain name
> > > > > >acquisition can contribute to authentication, but it
> was not the
> > > primary
> > > > > >reason the ALSC recommended this approach.
> > > > >
> > > > > Could you illuminate us then as to the primary
> reason, since the one
> you
> > > > > mention above was the primary argument made in your
> final report?
> > > > >
> > > > > Bruce Young
> > > > > Portland, Oregon
> > > > > Bruce@barelyadequate.info
> > > > > http://www.barelyadequate.info
> > > >
> > > >
>
>
>