Re: Vote verification --- a futile exercise?

To: debian-vote@lists.debian.org
Subject: Re: Vote verification --- a futile exercise?
From: Anthony Towns <aj@azure.humbug.org.au>
Date: Wed, 3 Apr 2002 18:28:26 +1000
Message-id: <[🔎] 20020403082826.GF21968@azure.humbug.org.au>
Mail-followup-to: debian-vote@lists.debian.org
In-reply-to: <[🔎] E1E11230-46DA-11D6-AE90-00039355CFA6@suespammers.org>
References: <[🔎] 20020403065642.GA21968@azure.humbug.org.au> <[🔎] E1E11230-46DA-11D6-AE90-00039355CFA6@suespammers.org>

(no need to cc me, i'm subscribed to -vote)

On Wed, Apr 03, 2002 at 03:14:55AM -0500, Anthony DeRobertis wrote:
> >>You might think that (4) would be detected when the list was
> >>released, but it won't because there is no one to _deny_ that
> >>vote.
> >Sure there is. Send a signed mail that says "I didn't vote."
> Who shall do that? Every member of Debian who did not vote? 

No, everyone who didn't vote but had their name listed in the final
tally sheet as having voted.

> It being a secret ballot and all, there is no way for me to 
> match up a vote (other than my own, by knowledge of the shared 
> cookie) with a specific developer. The cookies that the 
> secretary made up happen to belong to no developer. But I don't 
> (and can't) know that.

But what you do know is the names of everyone whom the secretary claims
voted (which you can check against the keyring), and the votes the
secretary claims to have received. You can verify there are the same
number of entries in both lists.

> Non-existent developers don't send signed messages stating they 
> did not vote. However, with the help of the secretary, they do 
> vote :-(

Nope. The secretary has to list a real live developer for each vote he
wants to conclude.

The tally will look like:

	The following people voted:
		Anthony Towns <ajt@debian.org>
		Manoj Srivastava <srivasta@debian.org>
		Mickey Mouse <mickey@debian.org>

	The following votes were received:
		1234 764efa883dda1e11db47671c4a3bbd9e
		4321 102f5037fe6474019fe947b4977bb2a5
		1324 c796c191140b5f9ce61892fab185f8d3

	You may verify your vote was tallied correctly by running:
	  echo 'Your Name <addr@debian.org> voted XYZW with nonce 1234' | md5sum

Anyone can check that the people listed as voting are actual developers.

Anyone can check that they're entry is correct (not listed if they didn't
vote, listed with the appropriate checksum next to the appropriate vote
if they did vote).

Anyone can check that the votes received should result in the outcome that's
declared.

In short, you've missed something.

> >>The easiest solution is to make sure we can trust our vote counter.
> >Pfft, where's the fun in that?
> Well, _Applied Cryptography_ (you actually got me to dig it up 
> and open it) tells us how not to in Section 6.1, under "Improved 
> Voting with a Single Central Facility."

The techniques in Applied Crypto are mostly about avoiding having to
trust the vote collector. So they're not hugely relevant when we're
happy to send signed unencrypted tallies to Manoj.

Cheers,
aj

-- 
Anthony Towns <aj@humbug.org.au> <http://azure.humbug.org.au/~aj/>
I don't speak for anyone save myself. GPG signed mail preferred.

                        Vote [1] Bdale!

--
To UNSUBSCRIBE, email to debian-vote-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to:

References:
- Re: Vote verification --- a futile exercise?
  - From: Anthony Towns <aj@azure.humbug.org.au>
- Re: Vote verification --- a futile exercise?
  - From: Anthony DeRobertis <asd@suespammers.org>

Prev by Date: Re: Vote verification --- a futile exercise?
Next by Date: Re: Vote verification --- a futile exercise?
Previous by thread: Re: Vote verification --- a futile exercise?
Next by thread: Re: Vote verification --- a futile exercise?
Index(es):
- Date
- Thread