[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Reaffirm public voting

Timo Röhling <roehling@debian.org> writes:
> * Thomas Goirand <zigo@debian.org>:

>> 2- Receipt-freeness: a voter does not gain any information (a receipt)
>> which can be used to prove to a coercer that she voted in a certain way.

>> 6- Eligibility verifiability: anyone can check that each vote in the
>> election outcome was cast by a registered voter and there is at most one
>> vote per voter.

> Property 2 is violated if the vote is confirmed in a signed email like
> the public votes (I can't say because I never participated in a DPL
> election yet).

It is.  Our current voting system makes no attempt at property 2.

> Property 6 is violated, because you can trivially add arbitrary
> ballots with random HMAC_SHA256_HEX values (unless the voter turnout
> is 100%, which seems rather unlikely).

I'm not sure that I see this for DPL elections because we publish both the
list of votes and the list of voters.  If those two lists aren't the same
length, that's fairly trivially detectable.

-- 
Russ Allbery (rra@debian.org)              <https://www.eyrie.org/~eagle/>
Reply to: