Search RPD Archives
Limit search to: Subject & Body Subject Author
Sort by:

BPKI was RE: [members-discuss] [rpd] Privacy breach of nomcom2015's Mailing.List

Saul saul at
Fri Jun 12 13:31:22 UTC 2015


We already have a login on the portal, surely that means that 
we are already trusted?

If that is not the case, then we shouldn’t trust anything on there.

In reality, what is the point of sending an ID document? It is not validated 
against anything or anyone. I could send my neighbours document and no-one 
would ever be the wiser. HOWEVER, when my AFRINIC handle is associated to my 
company, THAT is the only time I am truly validated.

I would like to think that the admin contact approves additional contacts, 
so that is where the validation should lie – trust the handle.

(Yes, welcome to use the BPKI system, but the fact that I have an AFRINIC 
handle, means that I should be validated.)



(perhaps this should be on the discuss list and not the RPD list

From: rpd-bounces at [mailto:rpd-bounces at] On Behalf Of 
Sent: 11 June 2015 11:56 PM
To: Bill Woodcock
Cc: Mwendwa Kivuva; rpd >> AfriNIC Resource Policy; Andrew Alston
Subject: Re: [members-discuss] [rpd] Privacy breach of nomcom2015's 


In my humble opinion, we need a minimum of security for people to trust the 
voting system and avoid disputes and especially prove the non-repudiation. I 
think people should prepare to use the system well in advance to avoid 
running at the last moment.


A mon humble avis, Nous avons besoin d'un minimum de sécurité pour que les 
gens fassent confiance au système de vote et d'éviter les contestations et 
surtout prouver la non-répudiation. Je pense que les gens devraient se 
préparer à utiliser le système longtemps à l'avance afin d'éviter de courir 
au dernier moment.

Le 9 juin 2015 11:03, "Bill Woodcock" <woody at <mailto:woody at> 
 > a écrit :

Indeed it would be. Just a question of how much security one wants, and how 
much one wants the security to be dependent upon AfriNIC maintaining a 
password-store.  But yes, what you suggest is the simplest solution, and 
what the other RIRs do, to the best of my knowledge.


On Jun 9, 2015, at 12:36, Jackson Muthili <jacksonmuthi at 
<mailto:jacksonmuthi at> > wrote:

Wouldn't it be simpler to just log in and cast the vote without pgp and pki?

On Tuesday, June 9, 2015, Bill Woodcock <woody at 
<mailto:woody at> > wrote:

Wouldn't it be simpler to just PGP-sign the vote, and skip all the 


On Jun 9, 2015, at 09:32, Andrew Alston <Andrew.Alston at 
<mailto:Andrew.Alston at> > wrote:

Hi Ismail,

There are various reasons I can see, and I’m sure more than I haven’t yet 

One of the things that has been brought to my attention with regards to 
remote electronic voting is that many people are hesitant to provide 
identification documents to AfriNIC that are stored by AfriNIC due to 
security reasons.  (Current process says that you have to send a copy of an 
ID document to AfriNIC to get a BPKI certificate that is used to vote).  I’ve 
had some discussions in this regard with various people and will be putting 
forward a proposal or two for consideration to see if we can perhaps resolve 
this.  It’s my personal view that there is no need for such documents to be 
stored by AfriNIC so long as they are verified and validated.  One of the 
things that was pointed out for example, is that in certain countries you 
can take your ID document to a bank, they verify its real, and they provide 
you a letter saying they have seen it, they have verified it, it is real, 
and you use that letter rather than actually disclosing the ID document (I 
believe that was in Germany but am open to correction).

Perhaps we could look at a similar approach, not necessarily with banks, but 
with other members in good standing that are trusted being used to verify 
such documents.

Furthermore, I know of some fairly large registration drives that will be 
happening in the next few months conducted by various members of the 
community at various meetings, where time has been set aside specifically to 
assist people in getting registered so that come the next election they can 
cast their votes.  That being said, we may need to resolve the first issue I 
raised before hand.

With regards to the discussions online, that’s a complicated issue.  I argue 
that many of our members probably don’t understand the criticality of 
AfriNIC, the powers they as members hold, or the consequences of AfriNIC 
going wrong.  This is an education issue that needs to be solved.

The question here is, does this education issue need to be resolved from an 
AfriNIC perspective, or does this need to come from active members of the 
community?  I would argue the latter, but it is subject to a debate.

Irrespective of who does the educating though, I believe the community needs 
to better understand the following aspects (and potentially others)

a.)    What are the contents of the current bylaws, and what rights AND 
obligations do they bestow on members

b.)    What rights and obligations does the member services agreement bestow 
on members

c.)     If members are unhappy with the status-quo, what are the ways they 
can address these issues, how can THEY create change.

Yes, we talk of committees, and they have their place and are useful, but be 
that as it may, it can be argued that members need to know they themselves 
are empowered to propose the changes they feel are necessary and should be 
encouraged to do so.  That is what a membership organization is about, 
letting the members speak and be heard, irrespective of if we agree with 
what is being said or not.

To finish these thoughts, I’d like to quote Margaret Mead…

“Never doubt that a small group of thoughtful committed citizens can change 
the world; indeed, it’s the only thing that ever has.”


(Written entirely in my own personal capacity)

From: ismailmss at <mailto:ismailmss at> 
[mailto:ismailmss at] On Behalf Of Ismail M. Settenda
Sent: Tuesday, June 9, 2015 10:01 AM
To: Seun Ojedeji
Cc: Andrew Alston; Mwendwa Kivuva; rpd
Subject: Re: [members-discuss] [rpd] Privacy breach of nomcom2015's Mailing 

@Andrew, in adding to Seun's comments I agree with your observations 
..however I am thinking that though an idea is valid and right lets not 
force the issue if understanding has not been achieved especially if as you 
say it is for the community.... and as Seun has pointed out there is some 
progress (not as fast as it should be but some progress nevertheless).

I am wondering if you could do something different this time round to get 
the on-line discussions improving by initiating some program whose goal is 
to enable people participate more before we get to the AGMM but by first 
identifying and understanding the reasons why they are quiet. , cause people 
keep silent for various reasons: some don't want to add more to the noise, 
some don't know it is their mandate to say something, some don't believe it 
the right forum for change....e.t.c....e.t.c

This way between now and the next AGMM you have some pointers for you to 
analyze on why on-line participation is low and then model some mechanisms 
to correct this. These the board could then take into consideration and 
catalyze and steer the discussion at the AGMM to a more representative and 
unified conclusion.

I believe the best time we have for this organization and to pay attention 
to the issues is when we are away from home and away from our daily lives so 
lets maximize on that but we should not then make it the only time we are 
willing to spare for the organization that provides us resources that are 
critical to our businesses.




On 9 June 2015 at 08:26, Seun Ojedeji <seun.ojedeji at 
<mailto:seun.ojedeji at> > wrote:

I agree with you Andrew; discussions should not wait till face 2 face and we 
should discuss them as much as possible on the list.
I think that is happening and improving as far as policy is concerned.

Resolution discussion on the other hand is not something that people are 
used to discussing on the list (especially on members list) as they don't 
come often.

That said, I think substantive discussion on the various list will continue 
to improve as the organisation leadership continue to act transparently and 
communicate with the community on status of things. The more we get clear 
view of things, the more likely that our content will be based more on 
substance and facts.

sent from Google nexus 4
kindly excuse brevity and typos.

On 9 Jun 2015 05:54, "Andrew Alston" <Andrew.Alston at 
<mailto:Andrew.Alston at> > wrote:

Hi All,

While I have largely chosen to stay silent in this debate, because I believe 
many of these issues were already resolved at the AGMM, there is one thing I 
would like to comment on.

This has become quite normal. Somebody at the floor of the AGM called the 
entire Afrinic community "a community of mutings" or something like it. And 
he did it full of arrogance and sense of importance.

Let me take a second to clarify what I actually said here.

Far to often when something is brought to the floor of a meeting, people 
want to either complain that it hasn’t been discussed first or that they 
have never seen it.  The reality is, most issues that land on the floor of 
either the PDP or the AGMM have in some form or another been on these lists. 
The comment made here was in reference to the special resolutions that I put 
on the floor, and the people on the floor who stated that the community had 
not discussed them or provided input to them.  This was inaccurate, since 
the special resolutions had been placed on the members list on the 20th of 
May 2015, and the community had chosen not to respond to them or discuss 
them.  I referred to that as “mute mode”, and never said “a community of 

If we choose to stay silent on the lists and only respond when things 
eventually hit the floor of the meeting room, I argue that we have done the 
community a huge disservice and we should castigate ourselves for that, 
rather than complaining we had no chance to comment.  Why do I say this? 
Because the reality is that on the floor we have fairly low representation, 
and in fact in terms of members, less than 10% of members were represented 
on the members side of the room in the AGMM.  By choosing to only discuss 
and debate (and indeed object) to things only in the room, we disenfranchise 
the rest of the member base, and deny them our opinions and their chance to 
agree or rebut.

This is not the first time this issue has come up either.  As I pointed out 
then, it took an incredibly controversial policy going to the floor of the 
PDP in Tanzania to really engender debate, and in the weeks prior to that 
policy going to the floor, the community had almost nothing to say on the 
mailing lists, yet when it came to the floor, there was a longer queue at 
the microphone than anything I have ever seen before or since.

We need to decide, is the only time we have for this organisation and to pay 
attention to the issues when we are away from home and away from our daily 
lives?  Is that the only time we are willing to spare for the organisation 
that provides us resources that are critical to our businesses?  I would 
hope we are more dedicated than that.



rpd mailing list
rpd at <mailto:rpd at>

rpd mailing list
rpd at <mailto:rpd at>

rpd mailing list
rpd at <mailto:rpd at>

rpd mailing list
rpd at <mailto:rpd at>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the RPD mailing list