On Tue, 07 Mar 2006, Anthony Towns wrote: > On Sun, Mar 05, 2006 at 04:09:04PM -0800, Don Armstrong wrote: > > Presumably the decryption key could be unlocked after the election > > and placed alongside the balots; since it should expire and be > > revoked after the completion of the vote, this shouldn't pose much > > of a problem. > > You'd want to avoid having that let people fake signed ACKs though, > which would allow a hypothetical malicious developer to bring the > mailbox presented into doubt. But I guess you could probably reveal > the decyrption key without revealing the signing key, or just use > subkeys for that purpose anyway. Yeah, I was assuming that the signing ack key would be different from the key used to encrypt messages to the mailbox (either via subkeys or entirely different keys.) I don't really know if that's the case though.[1] (I think we'd agree that the project would have far more serious problems than an election in doubt if we ended up with this happening. ;-)) Don Armstrong 1: I guess I don't really see the point to encrypt messages sent to the voting software anyway for non-dpl elections... if you're going to be in a position to use that data to vote stratigically, you're pretty much sitting on the same machine that devotee is running on anyway. -- The beauty of the DRUNKENNESS subprogram was that you could move your intoxication level up and down at will, instead of being caught on a relentless down escalator to bargain basement philosophy and the parking garage. -- Rudy von Bitter _Software_ p124 http://www.donarmstrong.com http://rzlab.ucr.edu
Attachment:
signature.asc
Description: Digital signature