[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: many rejects (Re: Second call for votes for the debian project leader election 2007)

On Sun, 1 Apr 2007 18:11:38 +0200, Michal Čihař <michal@cihar.com> said: 

> Hello On Fri, 30 Mar 2007 11:02:49 -0500
> Manoj Srivastava <srivasta@debian.org> wrote:

>> It turns out that it was indeed encrypted, but the message was not
>> signed; which means there is no information about who is sending
>> the ballot. This is a legitimate addition to the ballot; I'll point
>> it out in the next CFV.

> It of course was signed,

        No, it was not. The body of the encrypted but not signed email
 contained a signed vote, but the email itself was not signed.

> I simply don't know what went wrong, but it seems that something
> fooled script which is handling votes (signature won't verify,
> because I deleted the votes):

        I do know what went wrong.

        This is the most creative and weird action I have seen in the
 last few elections.

        You send an encrypted mail, which was not itself signed. This
 caused the vote to be rejected. Now, the body of the mail, once you
 decrypted it, did contain a signed vote -- but this is too late,
 since the outer mail was not signed, nothing processed the decrypted

        And no, you do not need to send in inline PGP when encrypting
 ballots;  you can send a signed *AND* encrypted RFC 3156 mail

Successful and fortunate crime is called virtue. Seneca
Manoj Srivastava <srivasta@debian.org> <http://www.debian.org/~srivasta/>
1024D/BF24424C print 4966 F272 D093 B493 410B  924B 21BA DABB BF24 424C

Reply to: