Re: Testing the voting scripts

To: debian-vote@lists.debian.org
Subject: Re: Testing the voting scripts
From: Manoj Srivastava <srivasta@debian.org>
Date: Sat, 17 May 2003 11:27:55 -0500
Message-id: <87bry1k06s.fsf@glaurung.green-gryphon.com>
In-reply-to: <20030517142150.GA22903@doc.ic.ac.uk> (Andrew Suffield's message of "Sat, 17 May 2003 15:21:50 +0100")
References: <87bry2lbiv.fsf@glaurung.green-gryphon.com> <20030517084720.GA10752@azure.humbug.org.au> <873cjdlx96.fsf@glaurung.green-gryphon.com> <20030517142150.GA22903@doc.ic.ac.uk>

On Sat, 17 May 2003 15:21:50 +0100, Andrew Suffield <asuffield@debian.org> said: 

> On Sat, May 17, 2003 at 04:48:21AM -0500, Manoj Srivastava wrote:
>> If you can come up with a provably secure protocol for devotee to
>> use; I'll gladly switch to using that, provided that the additional
>> cost of implementing and using that protocol is not prohibitive.

> With this key in place, the current setup is provably secure under
> the criteria that the box and account which devotee runs on has to
> be secure and the secretary has to be trusted.

> Given that we need those criteria anyway for the current system, it
> is not particularly onerous here.

	Quite. Thus the fact that we are actually using a key.

> Calling a gpg key "insecure" seems pretty silly... all that a gpg
> key says is that the message was signed/read by the owner of the
> private key. Anything else is a product of the user's imagination,
> not a property of gpg keys.

	This is not quite true. There are key management policies,
 without which, I shall not label a key secure, and indeed, keys can
 be compromised, so there is a certain sense in calling a key secure,
 or not. The label is certainly subjective, as to where you draw the
 line. 

	So, while nothing is ever absolutely secure, one can take
 steps to secure the key; and make key compromises harder to
 accomplish. None of those have been taken with this key. 

> We have more stringent requirements for keys in the Debian keyring,
> and that is in no sense relevant here.

	When I talk about secure and insecure keys, it has nothing to
 do with whatever policies are in place for keys in the keyring. (What
 gave you the idea it did?)

	Given my SOP, this key is highly insecure; but still manages
 to add value to the voting mechanism.

	Anyway, this discussion is largely futile; you are unlikely to
 change my mind on the security of a key living on a public machine,
 where several people have super user rights, and, moreover, a machine
 connected to the internet, and a key used by a script, and thus whose
 pass phrase lives on the same networked public machine. 

	manoj
-- 
Passwords are implemented as a result of insecurity.
Manoj Srivastava   <srivasta@debian.org>  <http://www.debian.org/%7Esrivasta/>
1024R/C7261095 print CB D9 F4 12 68 07 E4 05  CC 2D 27 12 1D F5 E8 6E
1024D/BF24424C print 4966 F272 D093 B493 410B  924B 21BA DABB BF24 424C

Reply to:

References:
- Testing the voting scripts
  - From: Manoj Srivastava <srivasta@debian.org>
- Re: Testing the voting scripts
  - From: Anthony Towns <aj@azure.humbug.org.au>
- Re: Testing the voting scripts
  - From: Manoj Srivastava <srivasta@debian.org>
- Re: Testing the voting scripts
  - From: Andrew Suffield <asuffield@debian.org>

Prev by Date: Re: Testing the voting scripts
Next by Date: Re: Testing the voting scripts
Previous by thread: Re: Testing the voting scripts
Next by thread: Re: Testing the voting scripts
Index(es):
- Date
- Thread