Re: Secret votes HOWTO
* Jason Gunthorpe <jgg@debian.org> [010331 13:56]:
> Sounds like the PGP signature ID, date and key fingerprint tuple is what
> you want, all hashed together probably.
What is a PGP signature ID?
What date should be included? The date of signing, or the date of
sending? (For those folks who limit gpg/pgp actions to a machine not on
a network out of paranoia or intellegence, take your pick. :)
The idea I like the most so far is the 'user-supplied random nonce'
idea. I like this idea because using a collection of other data (I had
thought a hash of the ballot itself with some random stuff within the
ballot would be a good idea) is liable to failure because stupid email
systems manage to molest email in the strangest fashion: "From " to
">From ", etc. Putting random data in the ballot runs the risk of
changing the ballot too much. (Using the ascii armor format of gpg/pgp
would likely be a Good Idea in this case, which would allow for better
methods than the user-supplied random nonce. Is the ascii armor format
required/suggested/possible?)
The advantages of simply slapping a new piece on the side of our current
system as opposed to implementing one of the methods in Schneier is that
debvote already exists and seems to work. Perhaps when the
voting-methods crew is done, implementing the system using a protocol
from Schneier might be reasonable if the current debvote system couldn't
be easily extended to whatever system voting-methods comes up with.
--
Earthlink: The #1 provider of unsolicited bulk email to the Internet.
Reply to: