On Thursday, 24 March 2005 20:15, Matthew Palmer wrote: > On Fri, Mar 25, 2005 at 02:57:43AM +0000, Matthew Garrett wrote: > > Wesley J Landaker <wjl@icecavern.net> wrote: > > > On Thursday, 24 March 2005 16:52, Roger Leigh wrote: > > >> Happily, the OP still has a chance to change his mind ;-) > > > > > > Unless someone else sends in his already signed ballot... > > > > You can send in multiple ballots. Only the last one will count. As > > a result, you're free to change your mind up until the deadline. > > I think that Wesley may be thinking more along the lines of a simple > replay attack -- if you *do* change your mind, your earlier > (publically posted) ballot can be fed back into the system again, to > reset your preferences to those you originally chose. Actually, I was thinking of replay, but was thinking in terms of the system only accepting one vote, but since it accepts it more than ones, this is also an attack... of course, it's irrelevent if you never change your mind. (= > Since the voter gets a return e-mail, they'd likely know about it, > but if the attacker was clever and threw your ballot in right before > the deadline, you wouldn't have enough time to correct it, and would > need to bother Manoj to get it sorted out. Yeah, it seems this would be possible in the current system. One way to work around this would be to reject vote e-mails that are identical to ones seen before (say, save a md5sum of the signed portion of the e-mail, *including* the GPG signature block). -- Wesley J. Landaker <wjl@icecavern.net> OpenPGP FP: 4135 2A3B 4726 ACC5 9094 0097 F0A9 8A4C 4CD6 E3D2
Attachment:
pgpqKXF4bDgkT.pgp
Description: PGP signature