Re: Testing the voting scripts
On Sat, 17 May 2003 18:47:20 +1000, Anthony Towns <aj@azure.humbug.org.au> said:
> On Fri, May 16, 2003 at 06:25:28PM -0500, Manoj Srivastava wrote:
>> pub 1024D/DDB871CC 2003-05-14 The Debian Rainbow vote key (This is
>> an insecure, temporary vote mechanism key)
>> <rainbow@vote.debian.org>
> ^^^^^^^^
> That's a null word. Either they key lives up to the security
> guarantees it purports to (in which case it's not insecure), or it
> doesn't and it shouldn't be used.
The key by no means lives up to the expectations of security
that one may normally attach to a key signed, or controlled, by
me. The secret key lives on a networked box; indeed, on most votes it
lives on a _public_ networked box; it is used by a program, so the
pass phrase lives on the same machine; it is not at all what I would
term secure.
However, there are levels of insecurity; and though highly
vulnerable, messages signed by this key still are somewhat more
verifiable than unsigned messages.
So, I beg to differ that not using this key is better.
In the security world, things are not neatly binary -- either
secure, or insecure, and where one cab happily chose to use only
the so called provably secure mechanisms.
If you can come up with a provably secure protocol for devotee
to use; I'll gladly switch to using that, provided that the
additional cost of implementing and using that protocol is not
prohibitive.
manoj
--
One Bell System - it sometimes works.
Manoj Srivastava <srivasta@debian.org> <http://www.debian.org/%7Esrivasta/>
1024R/C7261095 print CB D9 F4 12 68 07 E4 05 CC 2D 27 12 1D F5 E8 6E
1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C
Reply to: