On Tuesday 05 April 2005 19:29, Manoj Srivastava wrote: > On Tue, 5 Apr 2005 21:38:51 +0200, David Schmitt <david@schmitt.edv-bus.at> said: > > On Tuesday 05 April 2005 19:29, Manoj Srivastava wrote: > >> On Mon, 4 Apr 2005 10:18:26 +0100, Matthew Garrett > >> > >> mgarrett@chiark.greenend.org.uk> said: > >> > If I sign three votes over the course of a day and then send them > >> > in reverse order, will the votes that were signed earlier be > >> > accepted even if they were sent later? > >> > >> Sure. As far as devotee is concerned, the ordering when the ballots > >> were received is the only one that matters. Since email ordering > >> is not guaranteed, you may wish to wait for devotee's ack is you > >> are firing off multiple ballots. > > > > So any signed vote made public can be used to override any later > > decision by the voter in question by replaying the publicised mail > > and signature. > > No, that would be stupid. This is why we have a guard against > replay attacks. But if the original vote that was signed and posted publicly was never sent in, then there wouldn't be any record of the vote--so if it was sent in at the last minute, devotee would be seeing it for the first time... -- Wesley J. Landaker <wjl@icecavern.net> OpenPGP FP: 4135 2A3B 4726 ACC5 9094 0097 F0A9 8A4C 4CD6 E3D2
Attachment:
pgpUPrRNLaPMH.pgp
Description: PGP signature