Re: [ALSC-Forum] Re: Direct vs. Indirect elections

[Eric Dierker]

Yes it does Leah,

But the issue by in large is not being ignored.  Although in principal we
may lose the first round for non domain name holders it will be better than
no progress.

Eric

L Gallegos wrote:

> This discussion completely ignores those who have email access
> only, wihch is a sufficiently large number of people from many
> countries, that it must be addressed.
>
> Leah
>
> On 18 Oct 2001, at 13:10, Sandy Harris wrote:
>
> >
> > Bruce Young wrote:
> >
> > > >Will it scale to the millions of potential voters, many just end
> > > >users with limited access to limited machines, and many not
> > > >speaking English?
> > >
> > > So we engineer a client browser plug-in that prompts for language.
> > > I imagine if ICANN asked the public, no small number of developers
> > > would be willing to donate time to engineer this for us.
> >
> > Perhaps, but it is not an easy problem, given the variety of
> > languages, and browsers, out there. Also, I don't think it is at all
> > clear either that many developers would want to donate time for this
> > or that we should be asking them to, rather than paying them for any
> > work we want done.
> >
> > On the other hand, many browsers already have multi-language support
> > and forms support and SSL/TLS enecryption/authentication security. It
> > is not clear we need a plugin, perhaps just a carefully designed set
> > of web pages and some translation work.
> >
> > > >Give me administrator privilieges (authorised or stolen) on almost
> > > >any multiuser system (certainly a standard Unix or Linux box or an
> > > >NT network; I'm not sure about a highly secure system like Multics)
> > > >and I can easily subvert any PGP software used there.
> > >
> > > Maybe.  But if you need a unique PIN to do anything inside the
> > > encryption, that should do the trick, don't you think?
> >
> > No. That works fine if the PIN is long enough /and/ you can trust the
> > computer you give it to.
> >
> > However, if I have have admin privileges on  the computer you use, I
> > can easily bypass any cryptographic system you use.
> >
> > I read the encrypted stored form of your PGP private key off the disk
> > and install software to log your keystrokes. That gives me any data
> > you enter -- the passphrase PGP uses to protect the private key, any
> > PIN used, ...
> >
> > > It's nice to see this forum actually working out the techie-side
> > > "nuts and bolts" of Internet elections.  Let's just not get lost in
> > > the details and lose sight of the fact that all this is moot unless
> > > we prevent them from hannding the At-Large over to domain name
> > > holders.
> > >
> > > Bruce Young
> > > Integration Engineer, Client Engineering
> > > Lockheed Martin Global Telecommunications
> > > Phone: 503.466.6571
> > > Fax: 503.466.6775
> > > E-mail:  Bruce.Young@nwdc.ibs-lmco.com
> >