Re: Testing the voting scripts
On Sat, 17 May 2003 15:21:50 +0100, Andrew Suffield <email@example.com> said:
> On Sat, May 17, 2003 at 04:48:21AM -0500, Manoj Srivastava wrote:
>> If you can come up with a provably secure protocol for devotee to
>> use; I'll gladly switch to using that, provided that the additional
>> cost of implementing and using that protocol is not prohibitive.
> With this key in place, the current setup is provably secure under
> the criteria that the box and account which devotee runs on has to
> be secure and the secretary has to be trusted.
> Given that we need those criteria anyway for the current system, it
> is not particularly onerous here.

Quite. Thus the fact that we are actually using a key.

> Calling a gpg key "insecure" seems pretty silly... all that a gpg
> key says is that the message was signed/read by the owner of the
> private key. Anything else is a product of the user's imagination,
> not a property of gpg keys.

This is not quite true. There are key management policies,
without which, I shall not label a key secure, and indeed, keys can
be compromised, so there is a certain sense in calling a key secure,
or not. The label is certainly subjective, as to where you draw the

So, while nothing is ever absolutely secure, one can take
steps to secure the key; and make key compromises harder to
accomplish. None of those have been taken with this key.

> We have more stringent requirements for keys in the Debian keyring,
> and that is in no sense relevant here.

When I talk about secure and insecure keys, it has nothing to
do with whatever policies are in place for keys in the keyring. (What
gave you the idea it did?)

Given my SOP, this key is highly insecure; but still manages
to add value to the voting mechanism.

Anyway, this discussion is largely futile; you are unlikely to
change my mind on the security of a key living on a public machine,
where several people have super user rights, and, moreover, a machine
connected to the internet, and a key used by a script, and thus whose
pass phrase lives on the same networked public machine.

Passwords are implemented as a result of insecurity.
Manoj Srivastava <firstname.lastname@example.org> <http://www.debian.org/%7Esrivasta/>
1024R/C7261095 print CB D9 F4 12 68 07 E4 05 CC 2D 27 12 1D F5 E8 6E
1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C