
Re: [Moshe Zadka <m@moshez.org>] Independent Count



On Mon, 24 Mar 2003 17:56, Henrique de Moraes Holschuh wrote:
> Moshe wrote:
> >>I do not feel I can trust his words about the voting tallies for the
> >>upcoming elections. I wish that an independent Debian Developer be
> >>appointed for calculating the tallies himself.
>
> Maybe I am dense, but isn't the entire voting published (in hashed format)
> so that every developer that voted can see for himself if his vote was
> counted or not?  And, I suppose, raise a major havoc if it is wrong?
>
> So, it would be just a matter of rerunning the counting script over the
> data published, and check whether it matches or not.
>
> So, in essence, EVERYONE can do such verification, already...

Given that the hashing prevents the secretary from altering a cast vote, how 
would a malicious secretary fake a vote?

They would cast a vote on behalf of a non-voting developer.  Obtaining a list 
of MIA developers is not too difficult.  If someone does not vote then they 
may not notice if the voting tally indicates that they cast a vote.

Is the secretary in a position to add votes to the tally without confirmation 
messages being sent out or in a position to subvert email to @debian.org 
addresses to make sure that such mail does not reach its destination?  If so 
then they could conceivably fake some votes without much risk of getting 
caught.  I expect that almost no-one checks to make sure that the fact that 
they did not vote was correctly registered...

To check the actions of the secretary someone else needs access to the signed 
vote records to ensure that every registered vote is the result of a signed 
email.


I totally trust Manoj on this issue.  I am posting to point out a flaw in your 
analysis of the situation regarding cryptographic voting not to demand that 
such checks be done.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page
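
The check described in the message above (every registered vote must be the result of a signed email), as an added example that is not part of the original post or of Debian's voting software. The record layout, voter names and keys are constructed, and an HMAC stands in for OpenPGP signature verification.

```python
import hashlib
import hmac

# Constructed sample data: voter names, keys and record layout are assumptions.
KEYRING = {"alice": b"k-alice", "bob": b"k-bob", "carol": b"k-carol"}

def sign(voter, ballot):
    # Stand-in for a signed ballot email; a real audit would check an
    # OpenPGP signature against the developer keyring instead of an HMAC.
    return hmac.new(KEYRING[voter], ballot.encode(), hashlib.sha256).hexdigest()

def verify(record):
    key = KEYRING.get(record["voter"])
    if key is None:
        return False  # signer is not an eligible voter
    expected = hmac.new(key, record["ballot"].encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, record["sig"])

def audit(tally, signed_records):
    """Return (voter, reason) for each tally entry lacking a valid signed ballot."""
    backed = {}
    for rec in signed_records:
        if verify(rec):
            backed[rec["voter"]] = rec["ballot"]  # latest valid ballot wins
    findings, seen = [], set()
    for voter, ballot in tally:
        if voter in seen:
            findings.append((voter, "counted more than once"))
        elif voter not in backed:
            findings.append((voter, "no signed ballot on record"))
        elif backed[voter] != ballot:
            findings.append((voter, "tally differs from signed ballot"))
        seen.add(voter)
    return findings

# alice and bob voted; carol did not, yet the tally carries a vote for her.
RECORDS = [{"voter": v, "ballot": b, "sig": sign(v, b)}
           for v, b in [("alice", "A>B"), ("bob", "B>A")]]
TALLY = [("alice", "A>B"), ("bob", "B>A"), ("carol", "B>A")]

if __name__ == "__main__":
    for voter, reason in audit(TALLY, RECORDS):
        print(f"{voter}: {reason}")
```

The voters' own checks of the published tally cannot catch the entry for carol, since she never voted and has no reason to look; only the comparison against the signed records does.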


