[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [ICANN-EU] Disclosure of ICANN At Large Membership information

To: Thomas Roessler <roessler@does-not-exist.org>
Subject: Re: [ICANN-EU] Disclosure of ICANN At Large Membership information
From: Jeff Williams <jwkckid1@ix.netcom.com>
Date: Mon, 13 Nov 2000 13:35:25 -0800
CC: Mike Roberts <roberts@icann.org>, ICANN - Anderw McLaughlin <mclaughlin@icann.org>, Hans Klein <hans.klein@pubpolicy.gatech.edu>, icann-europe@fitug.de
Comment: This message comes from the icann-europe mailing list.
Organization: INEGroup Spokesman
References: <3.0.1.32.20001111184233.010749e0@pop.compuserve.com> <a04320408b63344557f1f@[192.156.200.2]> <20001113122722.F30051@sobolev.does-not-exist.org>
Sender: owner-icann-europe@fitug.de

Thomas and all,

  Thomas makes an very good suggestion here.  However there are some
small points in his proposal that are either unclear as to intent, or
need some modification.  (See below for our suggested modifications)

Thomas Roessler wrote:

> On 2000-11-11 11:10:42 -0800, Mike Roberts wrote:
>
> > The staff recognizes that there are entirely legitimate reasons
> > for creating an active and participative At Large membership,
> > which may include self-identification of membership status to
> > other members and third parties.  Proposals which advance these
> > goals and which carefully balance public information versus
> > personal privacy concerns are welcome and should be discussed
> > with Andrew McLaughlin <mclaughlin@icann.org>.
>
> Putting aside the discussion whether or not members actually are
> statutory members, I appreciate your invitation.
>
> Here are my proposals:
>
> - Reaching the members.  Obviously, it's a huge problem for any
>   activities concerning the at large members that it's not even
>   possible to contact these members.  So we need some kind of
>   communication channel - the bookmark collection currently done by
>   Jody is a nice first step, but won't suffice.  Obviously, putting
>   all these members onto an open mailnig list won't work.  Also, too
>   much ICANN-related traffic may have adverse effects on those
>   members who aren't interested in day-to-day ICANN politics.

  It is true that some members would not be interested in Day to day
ICANN politics.  However having a open mailing list is a GOOD
idea as it provides for those that wish to stay abreast of events and
ideas being discussed more readily.  Having another list that
only gives a smattering of what is going on would be for those
that do not wish to participate on the open list.

>
>
>   Thus, I'd suggest that ICANN sets up some kind of a moderated
>   high-signal newsletter to which At Large Members can subscribe
>   themselves. Announce that newsletter on your web site, and once
>   via e-mail.

  A news letter is a poor idea.  It is to subject to manipulation.

>
>
>   Distribute the newsletter at most once per month.  Establish
>   strict submission guidelines:
>
>   -> plain text only
>   -> maximum 2kB text
>   -> maximum 5 URLs
>   -> no flames, personal attacks, and the like
>   -> possibly introduce a quota limiting the number of proposals per
>      submitter and time slice
>
>   Ideally, content would comprise announcements of discussion
>   forums, conferences, pending events, and the like.
>
> - Proving membership.
>
>   The simplest thing to do would be to establish a cgi-bin on
>   ICANN's web server, where at large members could log in with their
>   PIN, ID, and password, and where they can request that an
>   automatically-generated message confirming their membership is
>   sent to a certain e-mail address.  This way, members keep control
>   over their membership information.  However, the proof is
>   relatively week, and may be falsified.

  Yes the proof is rather week, but for the open list would suffice.

>
>
>   This method could be augmented by adding a verification URL to the
>   confirmation message:  Create a string of the form
>
>         <unique-id>+<expiry>+<hash>,
>
>   where unique-id maps into the membership database, <expiry> says
>   when the URL expires, and hash is a cryptographic hash over
>   unique-id, expiry ("now + 48h"), and a secret only held by ICANN.
>   Pass this string to an appropriate cgi-bin on ICANN's secure web
>   server, which first verifies the hash and the expiration date, and
>   then basically produces the confirmation message's content as a
>   web page.
>
>   This approach still gives individuals control over their personal
>   data.  However, due to the use of the confirmation URL and the SSL
>   server, the third party can get a non-fakable confirmation of the
>   membership status.
>
>   Additionally, a leaked verification URL will be worthless as soon
>   as it has expired, which should help keeping the privacy dangers
>   under control.  Finally, SSL doesn't generate anything you can use
>   as a proof to be demonstrated towards a third party.

  Yes but later versions of TLS do.

>
>
>   Implementing this shouldn't be too hard.
>
> Kind regards,
> --
> Thomas Roessler                         <roessler@does-not-exist.org>

Regards,
--
Jeffrey A. Williams
Spokesman INEGroup (Over 112k members strong!)
CEO/DIR. Internet Network Eng/SR. Java/CORBA Development Eng.
Information Network Eng. Group. INEG. INC.
E-Mail jwkckid1@ix.netcom.com
Contact Number:  972-447-1800 x1894 or 9236 fwd's to home ph#
Address: 5 East Kirkwood Blvd. Grapevine Texas 75208

References:
- [ICANN-EU] Sunday Reception and other events in Marina del Rey
  - From: Hans Klein <hans.klein@pubpolicy.gatech.edu>
- [ICANN-EU] Disclosure of ICANN At Large Membership information
  - From: Mike Roberts <roberts@icann.org>
- Re: [ICANN-EU] Disclosure of ICANN At Large Membership information
  - From: Thomas Roessler <roessler@does-not-exist.org>

Prev by Date: [ICANN-EU] Report on ICANN Members Forum
Next by Date: [ICANN-EU] 7:243 MUSEUM
Prev by thread: Re: [ICANN-EU] Disclosure of ICANN At Large Membership information
Next by thread: [ICANN-EU] Does .WEB qualify for "financial hardship" ?
Index(es):
- Date
- Thread