Search RPD Archives
BPKI was RE: [members-discuss] [rpd] Privacy breach of nomcom2015's Mailing.List
Saul
saul at enetworks.co.za
Fri Jun 12 13:31:22 UTC 2015
Hi
We already have a login on the my.afrinic.net portal, surely that means that
we are already trusted?
If that is not the case, then we shouldn’t trust anything on there.
In reality, what is the point of sending an ID document? It is not validated
against anything or anyone. I could send my neighbours document and no-one
would ever be the wiser. HOWEVER, when my AFRINIC handle is associated to my
company, THAT is the only time I am truly validated.
I would like to think that the admin contact approves additional contacts,
so that is where the validation should lie – trust the handle.
(Yes, welcome to use the BPKI system, but the fact that I have an AFRINIC
handle, means that I should be validated.)
Cheers
Saul
(perhaps this should be on the discuss list and not the RPD list
From: rpd-bounces at afrinic.net [mailto:rpd-bounces at afrinic.net] On Behalf Of
Arnaud AMELINA
Sent: 11 June 2015 11:56 PM
To: Bill Woodcock
Cc: Mwendwa Kivuva; rpd >> AfriNIC Resource Policy; Andrew Alston
Subject: Re: [members-discuss] [rpd] Privacy breach of nomcom2015's
Mailing.List
@Bill
English:
In my humble opinion, we need a minimum of security for people to trust the
voting system and avoid disputes and especially prove the non-repudiation. I
think people should prepare to use the system well in advance to avoid
running at the last moment.
Français:
A mon humble avis, Nous avons besoin d'un minimum de sécurité pour que les
gens fassent confiance au système de vote et d'éviter les contestations et
surtout prouver la non-répudiation. Je pense que les gens devraient se
préparer à utiliser le système longtemps à l'avance afin d'éviter de courir
au dernier moment.
Le 9 juin 2015 11:03, "Bill Woodcock" <woody at pch.net <mailto:woody at pch.net>
> a écrit :
Indeed it would be. Just a question of how much security one wants, and how
much one wants the security to be dependent upon AfriNIC maintaining a
password-store. But yes, what you suggest is the simplest solution, and
what the other RIRs do, to the best of my knowledge.
-Bill
On Jun 9, 2015, at 12:36, Jackson Muthili <jacksonmuthi at gmail.com
<mailto:jacksonmuthi at gmail.com> > wrote:
Wouldn't it be simpler to just log in and cast the vote without pgp and pki?
On Tuesday, June 9, 2015, Bill Woodcock <woody at pch.net
<mailto:woody at pch.net> > wrote:
Wouldn't it be simpler to just PGP-sign the vote, and skip all the
document-checking?
-Bill
On Jun 9, 2015, at 09:32, Andrew Alston <Andrew.Alston at liquidtelecom.com
<mailto:Andrew.Alston at liquidtelecom.com> > wrote:
Hi Ismail,
There are various reasons I can see, and I’m sure more than I haven’t yet
seen.
One of the things that has been brought to my attention with regards to
remote electronic voting is that many people are hesitant to provide
identification documents to AfriNIC that are stored by AfriNIC due to
security reasons. (Current process says that you have to send a copy of an
ID document to AfriNIC to get a BPKI certificate that is used to vote). I’ve
had some discussions in this regard with various people and will be putting
forward a proposal or two for consideration to see if we can perhaps resolve
this. It’s my personal view that there is no need for such documents to be
stored by AfriNIC so long as they are verified and validated. One of the
things that was pointed out for example, is that in certain countries you
can take your ID document to a bank, they verify its real, and they provide
you a letter saying they have seen it, they have verified it, it is real,
and you use that letter rather than actually disclosing the ID document (I
believe that was in Germany but am open to correction).
Perhaps we could look at a similar approach, not necessarily with banks, but
with other members in good standing that are trusted being used to verify
such documents.
Furthermore, I know of some fairly large registration drives that will be
happening in the next few months conducted by various members of the
community at various meetings, where time has been set aside specifically to
assist people in getting registered so that come the next election they can
cast their votes. That being said, we may need to resolve the first issue I
raised before hand.
With regards to the discussions online, that’s a complicated issue. I argue
that many of our members probably don’t understand the criticality of
AfriNIC, the powers they as members hold, or the consequences of AfriNIC
going wrong. This is an education issue that needs to be solved.
The question here is, does this education issue need to be resolved from an
AfriNIC perspective, or does this need to come from active members of the
community? I would argue the latter, but it is subject to a debate.
Irrespective of who does the educating though, I believe the community needs
to better understand the following aspects (and potentially others)
a.) What are the contents of the current bylaws, and what rights AND
obligations do they bestow on members
b.) What rights and obligations does the member services agreement bestow
on members
c.) If members are unhappy with the status-quo, what are the ways they
can address these issues, how can THEY create change.
Yes, we talk of committees, and they have their place and are useful, but be
that as it may, it can be argued that members need to know they themselves
are empowered to propose the changes they feel are necessary and should be
encouraged to do so. That is what a membership organization is about,
letting the members speak and be heard, irrespective of if we agree with
what is being said or not.
To finish these thoughts, I’d like to quote Margaret Mead…
“Never doubt that a small group of thoughtful committed citizens can change
the world; indeed, it’s the only thing that ever has.”
Andrew
(Written entirely in my own personal capacity)
From: ismailmss at gmail.com <mailto:ismailmss at gmail.com>
[mailto:ismailmss at gmail.com] On Behalf Of Ismail M. Settenda
Sent: Tuesday, June 9, 2015 10:01 AM
To: Seun Ojedeji
Cc: Andrew Alston; Mwendwa Kivuva; rpd
Subject: Re: [members-discuss] [rpd] Privacy breach of nomcom2015's Mailing
List
@Andrew, in adding to Seun's comments I agree with your observations
..however I am thinking that though an idea is valid and right lets not
force the issue if understanding has not been achieved especially if as you
say it is for the community.... and as Seun has pointed out there is some
progress (not as fast as it should be but some progress nevertheless).
I am wondering if you could do something different this time round to get
the on-line discussions improving by initiating some program whose goal is
to enable people participate more before we get to the AGMM but by first
identifying and understanding the reasons why they are quiet. , cause people
keep silent for various reasons: some don't want to add more to the noise,
some don't know it is their mandate to say something, some don't believe it
the right forum for change....e.t.c....e.t.c
This way between now and the next AGMM you have some pointers for you to
analyze on why on-line participation is low and then model some mechanisms
to correct this. These the board could then take into consideration and
catalyze and steer the discussion at the AGMM to a more representative and
unified conclusion.
I believe the best time we have for this organization and to pay attention
to the issues is when we are away from home and away from our daily lives so
lets maximize on that but we should not then make it the only time we are
willing to spare for the organization that provides us resources that are
critical to our businesses.
Regards
--
Ismail
TISPA
On 9 June 2015 at 08:26, Seun Ojedeji <seun.ojedeji at gmail.com
<mailto:seun.ojedeji at gmail.com> > wrote:
I agree with you Andrew; discussions should not wait till face 2 face and we
should discuss them as much as possible on the list.
I think that is happening and improving as far as policy is concerned.
Resolution discussion on the other hand is not something that people are
used to discussing on the list (especially on members list) as they don't
come often.
That said, I think substantive discussion on the various list will continue
to improve as the organisation leadership continue to act transparently and
communicate with the community on status of things. The more we get clear
view of things, the more likely that our content will be based more on
substance and facts.
Regards
sent from Google nexus 4
kindly excuse brevity and typos.
On 9 Jun 2015 05:54, "Andrew Alston" <Andrew.Alston at liquidtelecom.com
<mailto:Andrew.Alston at liquidtelecom.com> > wrote:
Hi All,
While I have largely chosen to stay silent in this debate, because I believe
many of these issues were already resolved at the AGMM, there is one thing I
would like to comment on.
This has become quite normal. Somebody at the floor of the AGM called the
entire Afrinic community "a community of mutings" or something like it. And
he did it full of arrogance and sense of importance.
Let me take a second to clarify what I actually said here.
Far to often when something is brought to the floor of a meeting, people
want to either complain that it hasn’t been discussed first or that they
have never seen it. The reality is, most issues that land on the floor of
either the PDP or the AGMM have in some form or another been on these lists.
The comment made here was in reference to the special resolutions that I put
on the floor, and the people on the floor who stated that the community had
not discussed them or provided input to them. This was inaccurate, since
the special resolutions had been placed on the members list on the 20th of
May 2015, and the community had chosen not to respond to them or discuss
them. I referred to that as “mute mode”, and never said “a community of
mutings”.
If we choose to stay silent on the lists and only respond when things
eventually hit the floor of the meeting room, I argue that we have done the
community a huge disservice and we should castigate ourselves for that,
rather than complaining we had no chance to comment. Why do I say this?
Because the reality is that on the floor we have fairly low representation,
and in fact in terms of members, less than 10% of members were represented
on the members side of the room in the AGMM. By choosing to only discuss
and debate (and indeed object) to things only in the room, we disenfranchise
the rest of the member base, and deny them our opinions and their chance to
agree or rebut.
This is not the first time this issue has come up either. As I pointed out
then, it took an incredibly controversial policy going to the floor of the
PDP in Tanzania to really engender debate, and in the weeks prior to that
policy going to the floor, the community had almost nothing to say on the
mailing lists, yet when it came to the floor, there was a longer queue at
the microphone than anything I have ever seen before or since.
We need to decide, is the only time we have for this organisation and to pay
attention to the issues when we are away from home and away from our daily
lives? Is that the only time we are willing to spare for the organisation
that provides us resources that are critical to our businesses? I would
hope we are more dedicated than that.
Thanks
Andrew
_______________________________________________
rpd mailing list
rpd at afrinic.net <mailto:rpd at afrinic.net>
https://lists.afrinic.net/mailman/listinfo.cgi/rpd
_______________________________________________
rpd mailing list
rpd at afrinic.net <mailto:rpd at afrinic.net>
https://lists.afrinic.net/mailman/listinfo.cgi/rpd
_______________________________________________
rpd mailing list
rpd at afrinic.net <mailto:rpd at afrinic.net>
https://lists.afrinic.net/mailman/listinfo.cgi/rpd
_______________________________________________
rpd mailing list
rpd at afrinic.net <mailto:rpd at afrinic.net>
https://lists.afrinic.net/mailman/listinfo.cgi/rpd
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.afrinic.net/pipermail/rpd/attachments/20150612/e3d0b22c/attachment.html>
More information about the RPD
mailing list