On Thu, May 16, 2002 at 03:01:38PM +0200, Vittorio Bertola wrote: >
So, to apply this system to ICANN, we would have to build the At Large
membership by cooptation, ie each new member would have to be
introduced by another one. This could be somewhat interesting, but I
guess it could be not open enough for our scale and purposes.
Debian has chosen this particular method because it's consistent with
our goals as a community: a PGP web of trust maps closely onto the
relationships that have to exist among us as developers of an operating
system. For ICANN, I'm pretty sure that this does not apply; so
requiring all PGP keys to be signed by someone already in ICANN is
probably not the way to go about it. You can choose a different method
that provides the right balance of security and convenience for your
organization. You might accept PGP keys with only email verification,
you might accept them printed out and sent by normal mail, you might
accept keys that have been signed into the global web of trust. Each
approach offers a different degree of authenticity, and carries with it
a different degree of overhead.