in reply to (z) Insuring Uniqueness on the Internet

Unfortunately, anyone can just get another internet account, a new username and password etc. I think you can only get a reasonable accurate authentication with a "real life" mechanism.

Here in Germany, there's actually a mechanism that allows you to go to any post office. They will authenticate you when you show them your identity card or passport. A few years ago a CA used this to hand out signed PGP keys. Maybe there's something similar available where you live -- it could take some administrative strain from you.

Another possibility would be to build an infrastructure somewhat like PGP/GPG: Members of the organisation vouch for a new member's identity. Still, for added security you'd still want the new member meet someone in "real life" to be authenticated. Every member would then receive a unique key and send out their votes signed, using their key. You can then ensure everybody only votes once if you can ensure every member can only receive one key. There's a couple other things to consider to set up a good public-key-infrastructure, this is just to get you going.

  • Comment on Re: (z) Insuring Uniqueness on the Internet

Replies are listed 'Best First'.
(z) Re^2: Insuring Uniqueness on the Internet
by zigdon (Deacon) on May 02, 2003 at 13:35 UTC

    A real life mechanism is the only thing we could think of too. Send a postcard to supplied snail-mail addresses, and require a code on that postcard. And while it is possible to get multiple snail mail addresses, it requires a lot more effort that email addresses.

    As for the web-of-trust, I'm not sure how it would work? If I am a member (because someone knows me, say), how do you know that members that put me as their referrer are real people, and not me?

    Just having me saying that "yah, I've met Joe", doesn't prove to anyone that I'm not lying, and I'm really Joe.

    -- zigdon

[reply]

In Section Seekers of Perl Wisdom