Using digital signatures would be wonderful, of course, and I thought
a lot about that. CORE uses PGP signatures, and, as you know, that
is something I argued strongly for. Nominet also requires their
registrars to use PGP.
There are at least three significant issues: First, the fact that the
DNSO would have to maintain its own Public Key Infrastructure (PKI);
second, while this is changing as we speak, the legal status of
digital signatures is unsettled; and third, the composition of the
DNSO membership would be such that many of the participants might
find the use of PGP a daunting task, from an operational point of
view.
Here's a story:
If you go to the MIT PGP key server, and look for public keys for
Kent Crispin, you will find several. They are all identified by
some variation on my name plus my email address, have different key
lengths, and otherwise look perfectly normal. One of them,
however, is a ringer -- I didn't generate it, I don't have the
private key, and I can't sign messages that can be verified by this
key.
The person [*] who generated it did so as a joke, and used it to
send several messages apparently signed by me. The people running
the keyserver won't remove this bogus key, because they have no
obvious way of knowing which of us is the "real" Kent Crispin, and
they don't want to get into the business of trying to decide such
issues.
[*] This "person" is a brilliant though probably deranged cypherpunk
hacker type individual I've never met, who frequently goes by the
name "Toto". Toto may be in jail, now, but it is impossible to
tell -- he (if Toto is a he) has perpetrated so many tricks, and
has so many identities that it is impossible to know for sure.
Back to the subject:
Even without digital signatures we will need to validate identities,
and the identity validation step is a big part of what is required to
run a PKI. But establishing a PKI has many other issues, including
significant technical, political, and legal components, and there
needs to be lots of discussion about these things before we could
implement one. So, I don't think we can possibly have a PKI in place
at the formation of the DNSO, especially if we are trying to submit
an application by Feb 5.
But we will obviously need some kind of decision process in place at
startup time, and I would really rather that it not be a further
series of international meetings.
> This will probably add a level of complexity without changing much (I think
> that the frauds will be non-existent in DNSO voting), but will build an
> additional level of confidence in the results that may avoid some
> discussions and polemics afterward.
The possibility of fraud is *very* slim: though it is of course hard
to quantify, it is probably down at the same level as fraud in any
other corporate voting scheme.
> In other words, I think that while it is unlikely that we have frauds, it
> may be likely that we have discussions on frauds. Digital signatures will
> eliminate (or at least reduce) this.
I agree, and I would very much like to see digital signatures in
place. I don't think we can do it in the immediate time frame of
interest, but I think it is something that DNSO members should work
towards as quickly as possible, and that we should make it a goal.
With a PKI in place there are other things we can do as well...
kent
-- Kent Crispin, PAB Chair "Do good, and you'll be kent@songbird.com lonesome." -- Mark Twain