Re: Reaffirm public voting
Timo Röhling <roehling@debian.org> writes:
> * Thomas Goirand <zigo@debian.org>:
>> 2- Receipt-freeness: a voter does not gain any information (a receipt)
>> which can be used to prove to a coercer that she voted in a certain way.
>> 6- Eligibility verifiability: anyone can check that each vote in the
>> election outcome was cast by a registered voter and there is at most one
>> vote per voter.
> Property 2 is violated if the vote is confirmed in a signed email like
> the public votes (I can't say because I never participated in a DPL
> election yet).
It is. Our current voting system makes no attempt at property 2.
> Property 6 is violated, because you can trivially add arbitrary
> ballots with random HMAC_SHA256_HEX values (unless the voter turnout
> is 100%, which seems rather unlikely).
I'm not sure that I see this for DPL elections because we publish both the
list of votes and the list of voters. If those two lists aren't the same
length, that's fairly trivially detectable.
--
Russ Allbery (rra@debian.org) <https://www.eyrie.org/~eagle/>
Reply to: