[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Testing the voting scripts

On Sat, 17 May 2003 18:47:20 +1000, Anthony Towns <aj@azure.humbug.org.au> said: 

> On Fri, May 16, 2003 at 06:25:28PM -0500, Manoj Srivastava wrote:
>> pub 1024D/DDB871CC 2003-05-14 The Debian Rainbow vote key (This is
>> an insecure, temporary vote mechanism key)
>> <rainbow@vote.debian.org>
>               ^^^^^^^^

> That's a null word. Either they key lives up to the security
> guarantees it purports to (in which case it's not insecure), or it
> doesn't and it shouldn't be used.

	The key by no means lives up to the expectations of security
 that one may normally attach to a key signed, or controlled, by
 me. The secret key lives on a networked box; indeed, on most votes it
 lives on a _public_ networked box; it is used by a program, so the
 pass phrase lives on the same machine; it is not at all what I would
 term secure.

	However, there are levels of insecurity; and though highly
 vulnerable, messages signed by this key still are somewhat more
 verifiable than unsigned messages. 

	So, I beg to differ that not using this key is better.

	In the security world, things are not neatly binary -- either
 secure, or insecure, and where one cab happily chose to use only
 the so called provably secure mechanisms.

	If you can come up with a provably secure protocol for devotee
 to use; I'll gladly switch to using that, provided that the
 additional cost of implementing and using that protocol is not


One Bell System - it sometimes works.
Manoj Srivastava   <srivasta@debian.org>  <http://www.debian.org/%7Esrivasta/>
1024R/C7261095 print CB D9 F4 12 68 07 E4 05  CC 2D 27 12 1D F5 E8 6E
1024D/BF24424C print 4966 F272 D093 B493 410B  924B 21BA DABB BF24 424C

Reply to: