[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Secret votes HOWTO

peter karlsson <peter@softwolves.pp.se> writes:
> > Standard procedure to do secret votes in other communities where secret
> > electronic votes[1] have been wished has been for each voter to supply
> > their own secret password (any alphanumeric string), which was then
> > published along with the vote. Those wishing to be non-anonymous
> > usually supplied their name and address as password.

On Tue, Apr 03, 2001 at 11:20:07AM -0700, lantz moore wrote:
> doesn't there still have to be a server supplied bit of randomness to
> ensure uniqueness?


If all that's required is uniqueness, a simple counter (incremented
once each time a ballot is received) would be sufficient.

> > The vote counting software throws away all information except the
> > vote and the password once the origin of the vote has been checked.
> would adding someone elses name and e-mail be allowed?

We already require that a person pgp sign their ballot.  We reject
anything without a valid signature.

Or, as all too many people noticed -- sometimes we even reject ballots
with a valid signature.  [The two big causes where:  Mutt putting the
wrong headers on the message, so that we'd try to validate using the
wrong message integrity check algorithm*, and the LDAP server going down
for a short while.]


* I understand that there's a problem with gpg not telling mutt what
this algorithm is for the default key.  However, if nothing else, mutt
could take the signed message and do a few passes over it to identify the
algorithm.  And, of course, gpg can (in principle at least) be enhanced.

Reply to: