Xref: utzoo misc.consumers:4579 soc.misc:687 misc.misc:2666 comp.mail.misc:965 news.misc:1344 soc.net-people:711
Path: utzoo!utgpu!water!watmath!clyde!att-cb!osu-cis!tut.cis.ohio-state.edu!rutgers!bellcore!wind!tr
From: tr@wind.bellcore.com (tom reingold)
Newsgroups: misc.consumers,soc.misc,misc.misc,comp.mail.misc,news.misc,soc.net-people
Subject: Re: On-line Email Registry Service
Message-ID: <6793@bellcore.bellcore.com>
Date: 17 Apr 88 10:06:19 GMT
References: <2575@ihuxv.ATT.COM> <21660@bu-cs.BU.EDU> <2584@ihuxv.ATT.COM>
Sender: news@bellcore.bellcore.com
Reply-To: tr@wind.UUCP (tom reingold)
Distribution: na
Organization: Bellcore, Morristown, Noo Joizy
Lines: 49

In article <21660@bu-cs.BU.EDU> bzs@bu-cs.BU.EDU (Barry Shein) writes:
$ [What would]
$ prevent trivial fraud, such as my listing myself as Ronald Reagan and
$ setting up an account rr@bu-cs.bu.edu (ok, that would be a little
$ blatant, but you get the idea.)
$ 

In article <2584@ihuxv.ATT.COM> tedk@ihuxv.UUCP (55624-Kekatos,T.G.) writes:
$ How does anyone know that your name really isn't Ronald Reagan?
$ There are hundreds of them in the US. If you listed your occupation 
$ as "President, United States of America",
$ Then I would wonder if it was reallt you..

Ted, Barry said "you get the idea" but you don't.  He used the most
blatant example of forgery but it's a good question.  Suppose I
say I'm you because I want to misdirect any mail someone wants to
send to you.  I can give your email address with a phony machine
or login name.  I could even spell the machine or login name really
closely to yours so it looks right.

Or I could attach someone else's name and my email address in an
entry.  If it is NOT Ronald Reagan, the registry people would not
notice.

And suppose I am one of those hundreds of Americans named Ronald
Reagan.  Are the Registry people going to take my registration
seriously?  I called the Registry, registered myself, and don't
remember giving my occupation.  And even if I gave it, I would not
expect it as a requirement for registration.

And suppose ...

The problem is that the registration method is totally electronic,
making verification impossible.  A signature and a photo ID held
by someone with a matching face are still good methods.  No one
has come up with an analogous method that uses solely electronic
media.  Can you think of one?

Here is a new question:  Isn't this a little vulnerable?  The
Government can now look me up since I'm such a sucker, already
signed up.  Is this a new resource to build the Big Brother
phenomenon?  Comments, Barry?

"Just say NO to empty, dogmatic slogans coined by Nancy Reagan!"
Tom Reingold
PAPERNET:                      |INTERNET:       tr@bellcore.bellcore.com
Bell Communications Research   |UUCP-NET:       bellcore!tr
445 South St room 2L350        |SOUNDNET:       (201) 829-4622 [work],
Morristown, NJ 07960-1910      |                (201) 287-2345 [home]