Re: [ALSC-Forum] Authentication Technology -- Please try it out

[Eric Dierker]

I seem to recall some emphatic statements that any ccTLD contract would not be
one for services.
I seem to recall this coming from Bildt.

Donations versus fees for services is a huge Tax distinction!  IMHO any "tying"
would make any at-large donation a fee.  Any collection of fees for the
at-large creates major problems in required performance.

"What a tangled web they weave when the practice to deceive"

eric

Judith Oppenheimer wrote:

> > We've been working on a paper to formally ask the cctlds and
> > gtlds what
> > we're precisely asking them to do, we're almost there, but
> > response so far
> > as been low.
>
> Since I'm not sure who "we" is - is the cctld At Large participation tied
> in any way, to the cctld signing a contract with ICANN?
>
> ---------------------------------------------------------------------------
> ----------
> Judith Oppenheimer
> http://JudithOppenheimer.com
> http://ICBTollFreeNews.com
> 212 684-7210, 1 800 The Expert
> ---------------------------------------------------------------------------
> ----------
>
> > -----Original Message-----
> > From: owner-forum@www.atlargestudy.org
> > [mailto:owner-forum@www.atlargestudy.org]On Behalf Of Mr. Pindar Wong
> > Sent: Thursday, February 21, 2002 12:04 PM
> > To: Adam PEAKE
> > Cc: forum@atlargestudy.org
> > Subject: Re: [ALSC-Forum] Authentication Technology -- Please
> > try it out
> >
> >
> >
> > Hi Adam,
> >
> > Thanks for this, pls. see my quick comments below as I've to pack for
> > Australia (among other things to do this evening ...
> > including 'eat' ).
> >
> > ----- Original Message -----
> > From: "Adam PEAKE" <pja@glocom.ac.jp>
> >
> > > Are you saying that registrars are willing to handle the fees people
> > > will pay for membership: on top of the charge for the
> > domain name, they
> > > will separate a stream of money from the individual to ICANN (ALM).
> > > They will aggregate, do the currency conversion and send to whatever
> > > bank account ICANN or the ALM organization specifies?
> > >
> > > If so, how many ICANN accredited registrars have agreed to
> > this?  How
> > > many ccTLDs have agreed to this?
> >
> > I believe the operative word is *could*.
> >
> > Regardless if one agrees/disagrees with the Individual
> > Domain Name holding
> > criteria, which IMHO depends on you view of what ICANN does,
> > it seemed to us
> > that there already exists a globally distributed
> > infrastructure which might
> > be, pardon the word ... exploited (and was relevant to what
> > ICANN does and
> > to which ICANN has potential access to -- i.e. the gtld and
> > cctld registries
> > and registrars).
> >
> > Therefore why not use this infrastructure as the initial one
> > for operations.
> >
> > It's global and it's there.
> >
> > From a financial perspective, many of the At Large activities would
> > constitute an incremental cost to them -- and in our view,  keeping
> > membership dues as low as practical was appealing.
> > Furthermore, one can
> > lower the costs by various forms of aggregation (to keep the
> > per unit costs
> > of financial transfers as low as possible, lower the need to
> > understanding
> > how the international funds transfer infrastructure works to
> > make a payment
> > (e.g. TT's), not necessitate the use of a credit card, enable
> > other kinds of
> > payment (in the worst case... cash).
> >
> > Other useful aspects other than financial clearing are:-
> >
> > Outreach -- Use of their publicity infrastructure (to make
> > their existing
> > and prospective domain name holders aware of the At large,
> > its purpose etc.)
> > Outreach in local language and local customs.
> >
> > Obviously the gtld/cctld registries and registrars would be
> > concerned that
> > messages that go out on behalf or the At Large would be carefully
> > controlled, they won't be overwhelmed with customer support
> > questions about
> > At Large (this may not be a good problem for them, but its a
> > 'good' problem
> > to have for the at large (i.e. lots of members?)
> >
> > We've been working on a paper to formally ask the cctlds and
> > gtlds what
> > we're precisely asking them to do, we're almost there, but
> > response so far
> > as been low.
> >
> > I guess it's really a question if the leading  registries and
> > registrars see
> > the value in the at large (e.g. ICANN's stability etc.) and,
> > in the end,
> > take the initiative to step up to plate and volunteer.
> >
> >
> > > One advantage of the domain name holder idea seems to be that the
> > > registrar would handle the money and so remove the problems of
> > > transaction costs and other out of pocket expenses,
> > significant problems
> > > with the fee system (at least for those without credit cards.)
> >
> > Yup... see above.
> >
> > >
> > > But I think we agree that transferring money (credit card, wire
> > > transfer, etc.) will generally provide as much information to help
> > > identify a member as the domain name registration system
> > (at the present
> > > time.)
> >
> > agreed ... that's if you require all users to pay money. If
> > you don't then
> > you loose this ability to authenticate. If you don't require
> > folks to pay
> > money then minimally you need to deter abuse and automated fraud.
> >
> > Other mechanisms  that we're thinking about are those that involve
> > technologies that try to ensure that there's a living human
> > being at the end
> > of the line (ideally one that doesn't involve hardware. low
> > training costs
> > etc.) e.g. one currently under consideration is  the
> > passface technology
> > (flame away ;)
> >
> > Essentially we're minimally try to ensure that there's a
> > person at the end
> > of an email address and that the costs of automated fraud
> > would be high
> > enough to be a deterrent and furthermore could  be detected
> > before 'damage
> > is done'.
> >
> > Also those mechanisms that avoid you having to  make up any
> > magic numbers
> > (i.e. arbitrary thresholds).
> >
> > >Paying money is also an indication of demonstrable interest (and
> > > I note you say creating informed participation is as
> > important as any
> > > election, and you do not require a domain name to
> > participate, just to
> > > vote.)
> >
> > Correct ...  payment is an indication of demonstrable
> > interest (may not be
> > the only one) -- hence me trying to pass around the virtual
> > hat, asking for
> > pledges etc. (USD 12,000 and counting)
> >
> > Personally... i repeat... personally... I believe that
> > creating the informed
> > participation is actually *more* important than the election
> > (which occurs
> > only periodically).
> >
> > > So unless there is near universal agreement among registrars
> > > (ICANN accredited and ccTLDs) to handle the fees for the
> > individual I
> > > don't see how domain name holder model adds value?
> > > It might be one more
> > > option for registration and expression of interest, but
> > does not seem
> > > suitable as the default entry requirement to voting rights.
> >
> > There is also the touchy questions of who one considers to be an ICANN
> > 'stakeholder' and what is the 'public interest ICANN' as I've tried to
> > indicate.
> >
> > Again, depending on your view of what ICANN is, you will have
> > different
> > answers to both questions. If you ask 10 people what ICANN is, you'll
> > probably get 11 answers ;)
> >
> > Nevertheless, access to the TLD infrastructure is valuable
> > and one might not
> > need all of the cctld and ICANN accredited registrars initially to get
> > access to a representative sample of  *existing* individual
> > domain name
> > holders ( mostly currently in the gtld space -- the addition
> > of .name is a
> > new twist). {note:  If a cctld does not encourge/offer domain
> > names to be
> > held by individuals, that individual is theoretically able to
> > register in
> > another part of the namespace. The same cctld, while not
> > offering IDNs, may
> > contribute to At Large outreach (at large registration and
> > outreach aren't
> > mutually exclusive)
> >
> > Hence the real question about access to the existing
> > composition of today's
> > individual domain name holders is getting access to the
> > existing gtld space
> > that allow them and not all of the TLDS (cctld and gtlds) as one might
> > think.
> >
> > Recognising that although access to the TLD infrastructure is
> > a nice , it is
> > by no means, universal from day one -- led us to consider the
> > domain name+
> > concept. i.e. IDNHs and other mechanisms that can be found to
> > meet the core
> > three aspects of (demonstrable interest, authentication and payment).
> >
> > Here one can imagine elements to a number of scenarios
> >
> > 1) email account holder who subscribes to an ICANN-related
> > mailing list
> > (e.g. one in local langauge run by a cctld/ISOC chapter)
> > 2) someone who walks in, shows-up to a certain place (e.g.
> > ISOC chapter,
> > university, local ISP etc.)
> > 3) email account holder who completes an online process to
> > register, then
> > *pays* to send ICANN/ALSO a sealed *handwritten* envelope
> > (distributes the
> > financial burden of postage from ICANN to the At Large member, minimal
> > payment is for paper + postage, gets around the problem of a
> > badly formed
> > postal address (i.e. return to sender posts), unfortunately
> > requires the
> > person to be able to know how to write.
> > 4) other ways that one hasn't had the brainpower to think of.
> >
> > Obviously all of this will evolve over time.
> >
> > Certainly all the TLDS (both cctlds and gtlds) can assist
> > with At large
> > outreach. Minimally a link on their homepage and/or providing
> >  some local
> > language mailing lists for discussing ICANN or At Large issues.
> >
> >
> > >
> > > And of course the domain name holder model still has problems with
> > > equity (developing nations), with definition of individual
> > (most names
> > > are hold by businesses), with the different registration
> > practices among
> > > ccTLDs (some have encouraged individual registrations, some have
> > > restricted/prevented), with timing/registration cycles. Focusing a
> > > membership around domain names would likely shift the
> > organization even
> > > further away from the issues of the ASO/PSO. During the White Paper
> > > process many of us wondered if it was a good idea to lump
> > the stable and
> > > well function IP registry and protocol actives of IANA with the
> > > controversial, politicized problems of domain names (I don't mean to
> > > teach you to suck eggs...)  It bothers me that domain name
> > holding as
> > > entry point to membership will make things worse in this regard.
> >
> > Indeed... and their are other issues as well.
> >
> > It's certainly not a perfect system (far from it), but its a starting
> > point -- doesn't necessarily have to be the only one (again,
> > depending on
> > your view of who is a 'stakeholder' and what constitutes the 'public
> > interest in ICANN')
> >
> > Given all the confusion, FUD about ICANN, what it is really
> > about ( a today
> > worry), what it *could* evolve into (a tomorrow worry)  etc.,
> > I would argue
> > that it would be prudent to adopt as wide a criteria as
> > possible that can
> > revolves around the 3 criteria (demonstrable interest, authentication,
> > payment ) -- since there's no agreement on
> > (stakeholder/public interest).
> >
> > Cheers Adam ...
> >
> > and by the way... although you've certainly contributed alot
> > of sweat equity
> > (your time) ... what can I put you down for as a pledge (and
> > beer doesn't
> > count ;)
> >
> > p.
> >
> > PS: I really beginning to hate instant noodles.
> >
> > >
> > > Kind regards,
> > >
> > > Adam
> > >
> > >
> > >
> > >
> > > > * that collection of membership dues will enable a stable
> > ALSO that will
> > > > have resources to encourage informed participation
> > (ideally from a much
> > > > wider audience)
> > > > * that such collection of membership dues can create
> > greater confidence
> > in
> > > > membership uniqueness
> > > > * that financial clearing can be done in a currency that is most
> > convenient
> > > > * that effective participation mechanisms  within a local internet
> > community
> > > > are encouraged
> > > > * that there is the possibility of having local resources
> > that have some
> > > > clue as to what the DNS, IP addresses, protocol
> > identifiers are all
> > about
> > > > * that membership dues might be able to be contained and
> > reasonable
> > > > * that familiar distributed database and registration
> > technologies used
> > in
> > > > the DNS can also be used to help create the electoral
> > roll  (effectively
> > a
> > > > voting registry) (e.g. using whois, EPP etc.)
> > > > * that stands some chance of actually being implementable
> > > >
> > > > This is, of course, assuming that the TLD registries and
> > registrars
> > actually
> > > > buy into this whole process and what we are talking about is
> > implementating
> > > > a global At Large Membership of a non-trivial size.
> > > >
> > > > Does this mean that using Individual Domain Name Holders
> > should be the
> > > > *only*  entry point into the At Large Membership?
> > > >
> > > > This again  really depends on what your view of what
> > ICANN is actually
> > all
> > > > about ( I guess the 'root' of the problem ;) -- and
> > perhaps, as others
> > have
> > > > argued,  ICANN needs to further clearly limit what
> > activities it engages
> > in
> > > > (using 'picket fences' or whatever ...)
> > > >
> > > > Nevertheless, as Carl mentioned at the ICANN AGM, we
> > continue to look
> > for
> > > > other mechanisms that can constitute 'domain name plus'.
> > > >
> > > > i.e. while it may be debateable what constitutes a
> > 'stakeholder' and
> > what is
> > > > 'the public interest in ICANN' depending on your view of the ICANN
> > world,
> > > > other mechanisms should address issues of
> > > >
> > > > 1) Demonstrable Interest
> > > > 2) Authentication
> > > > 3) Payment
> > > >
> > > > Using Individuals Domain Name Holders is a starting point
> > ... it may not
> > > > necessarily have to be the only one... given the
> > confusion of what ICANN
> > is
> > > > all about.
> > > >
> > > > Cheers,
> > > >
> > > > p.
> > > >
> > > > ----- Original Message -----
> > > > From: "Eric Dierker" <eric@hi-tek.com>
> > > > To: "Bruce Young" <Bruce@barelyadequate.info>
> > > > Cc: "Denise Michel ALSC" <dmichel@atlargestudy.org>;
> > > > <forum@atlargestudy.org>
> > > > Sent: Sunday, February 17, 2002 11:48 AM
> > > > Subject: Re: [ALSC-Forum] Authentication Technology --
> > Please try it out
> > > >
> > > > >
> > > > > Let us make damn sure that the ALSC understands this question.
> > > > >
> > > > > What is your primary reason for suggesting that domain name
> > registration
> > > > has
> > > > > any thing to do with voting in the At-Large?
> > > > >
> > > > > And what is your reasoning behind that decision?
> > > > >
> > > > > Sincerely,
> > > > > Eric
> > > > >
> > > > > Bruce Young wrote:
> > > > >
> > > > > > Denise wrote:
> > > > > >
> > > > > > >The financial transaction accompanying a domain name
> > > > > > >acquisition can contribute to authentication, but it
> > was not the
> > > > primary
> > > > > > >reason the ALSC recommended this approach.
> > > > > >
> > > > > > Could you illuminate us then as to the primary
> > reason, since the one
> > you
> > > > > > mention above was the primary argument made in your
> > final report?
> > > > > >
> > > > > > Bruce Young
> > > > > > Portland, Oregon
> > > > > > Bruce@barelyadequate.info
> > > > > > http://www.barelyadequate.info
> > > > >
> > > > >
> >
> >
> >