Re: Secret votes HOWTO
peter karlsson <firstname.lastname@example.org> writes:
> > Standard procedure to do secret votes in other communities where secret
> > electronic votes have been wished has been for each voter to supply
> > their own secret password (any alphanumeric string), which was then
> > published along with the vote. Those wishing to be non-anonymous
> > usually supplied their name and address as password.
On Tue, Apr 03, 2001 at 11:20:07AM -0700, lantz moore wrote:
> doesn't there still have to be a server supplied bit of randomness to
> ensure uniqueness?
If all that's required is uniqueness, a simple counter (incremented
once each time a ballot is received) would be sufficient.
> > The vote counting software throws away all information except the
> > vote and the password once the origin of the vote has been checked.
> would adding someone elses name and e-mail be allowed?
We already require that a person pgp sign their ballot. We reject
anything without a valid signature.
Or, as all too many people noticed -- sometimes we even reject ballots
with a valid signature. [The two big causes where: Mutt putting the
wrong headers on the message, so that we'd try to validate using the
wrong message integrity check algorithm*, and the LDAP server going down
for a short while.]
* I understand that there's a problem with gpg not telling mutt what
this algorithm is for the default key. However, if nothing else, mutt
could take the signed message and do a few passes over it to identify the
algorithm. And, of course, gpg can (in principle at least) be enhanced.