[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: DEP-16 Confidential votes



Le 14/04/2021 à 18:57, Timo Röhling a écrit :
> I certainly wouldn't mind if Stephane were willing to help us setup
> a nifty e-voting solution and advise us on the best way to proceed. 

I would be glad to help :-)

> Correct me if I am wrong, but as far as I understood it, we cannot avoid
> that *someone* in the project has the opportunity to connect ballots
> with voters (because someone has to administrate the registrar), unless
> we involve a third party in the credential generation.

Indeed, in Belenios, the credential authority and the server have the
opportunity to connect *encrypted* ballots with voters, but there is no
known way to connect voters with their plaintext choices.

> [...] the current scheme using pseudonym hashes is
> almost good enough, it just lacks a way to prove that each pseudonym
> really matches with exactly one voter. [...]

This is difficult in general, but in Debian the voter list is public so
I guess something can be done with logins and/or PGP keys.

> With all that being said and having made my case, I am open for any
> reasonably secure solution (including Belenios) that we can agree on,
> and I will help implement it if I can.

And I am open to make changes in Belenios if needed.


Cheers,

-- 
Stéphane


Reply to: