Re: [ALSC-Forum] a proposed action statement

[Alexander Svensson]

Thanks, Alan!

Not only because the TWNIC, IETF and ETSI comments don't
seem convinced about individual domain name holders as At
Large membership base, the two proposals are of high
interest:

1. Interactive Voice Response telephone collection of PINs

[USER] ---web form or email with personal code---> [AT LARGE ORG.]
[AT LARGE ORG.] ---email with unique user code---> [USER]
[USER] ---phone call with personal and user code---> [AT LARGE ORG.]

2. Distributed snail mail distribution

[USER] ---web form or email---> [REGISTRY]
[REGISTRY] ---PIN by snail mail---> [USER]
[USER] ---logs in with PIN---> [AT LARGE ORG.]

3. This is somewhat the reverse of the system I proposed
(http://www.atlargestudy.org/forum_archive/msg00772.shtml):

[USER] ---web form AND signed snail mail*---> [REG.POINT]
[REGISTRATION POINT] ---PIN by email---> [USER]
[USER] ---logs in with PIN---> [AT LARGE ORG.]
 *possibly with proof of ID

Costs:
1. User: phone costs.
2. Registry: costs for sending snail mail.
3. User: costs for sending snail mail.

We should not forget that we are not talking about a
mechanism to launch missiles -- the precautions against
fraud should be adequate and proportionate. This said,
at least neither 2 nor 3 seem to be less secure than the
proposal of relying on domain name holder contact data.

Any comments? (Probably better directly referring to
Alan's proposals.)

Best regards,
/// Alexander