[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [atlarge-discuss] online voting



Stephen and all stakeholders of interested parties,

  I agree with you here Stephen.  And the technology is available
and in use to do this.  However I don't see a great need for
very high level of security for voting purposes...

Stephen Waters wrote:

> there's a difference between _requiring_ and _preferring_. I see no
> reason why we can't support a few different methodologies for
> authentication with different levels of trust for each method. The
> purpose of differentiating between levels of trust is to reduce overall
> risk by raising the bar for the possibility of compromise for as many
> users as possible. I.e., a suspected compromise can be researched
> starting with the most at-risk. The downside to this approach is that
> more security problems can be introduced due to the variety of methods.
>
> e.g.,
>
> Difficulty | Trust | Method
> ----------   -----   ------
> low          high    SSL-based website voting with username &
>                      password & whatever else deemed necessary
>                      (Postal code, Mother's maiden name,
>                      emailed Confirmation ID, etc.)
>
> low          low     ballots.atlarge.org sends out ballots to its list
>                      of registered members with a randomly generated
>                      reply-to address (or confirmation ID or whatever).
>                      ballots must match the proper Mail From: address
>                      and have the proper confirmation number.
>
> high         high    emailed ballot signed with PGP key listed in
>                      member list and inside local web-of-trust
>
> medium       medium  emailed ballot signed with PGP key listed in
>                      member list
>
> This scenario allows members to reduce risk as they are able, but also
> allows people without access to certain technologies to participate,
> albeit at a more scrutinized level.
>
> just a thought,
> -s
>
> On Wed, 2002-05-15 at 13:02, James Love wrote:
> > Nothing that requires voters to use encryption will be that easy for a
> > signficant number of potential at large members.  Jamie
> >
> > ----- Original Message -----
> > From: "Eray Ozkural" <erayo@cs.bilkent.edu.tr>
> > To: "Stephen Waters" <swaters@amicus.com>
> > Cc: <hblair@hotfootmail.com>; "atlarge discuss list"
> > <atlarge-discuss@lists.fitug.de>; <debian-vote@lists.debian.org>
> > Sent: Wednesday, May 15, 2002 1:42 PM
> > Subject: Re: [atlarge-discuss] online voting
> >
> >
> > : On Wednesday 15 May 2002 18:17, Stephen Waters wrote:
> > : > For the voting process:
> > : > 1) The Project Secretary emails out a ballot
> > : > http://www.debian.org/vote/howto_vote
> > : >
> > : > 2) Each developer PGP signs the mail and sends it to the proper address
> > : > 3) Software tabulates the votes according to the Constitution
> > : > 4) Project Secretary certifies the results
> > :
> > : Yes. I think it also has the kind of cryptographic secrecy and openness
> > that
> > : would be useful for you. I'm sure the person(s) who have designed and
> > written
> > : the code will be of assistance.
> > :
> > : Regards,
> > :
> > : --
> > : Eray Ozkural (exa) <erayo@cs.bilkent.edu.tr>
> > : Comp. Sci. Dept., Bilkent University, Ankara
> > : www: http://www.cs.bilkent.edu.tr/~erayo  Malfunction:
> > http://mp3.com/ariza
> > : GPG public key fingerprint: 360C 852F 88B0 A745 F31B  EA0F 7C07 AE16 874D
> > 539C
> > :
> > :
> > : ---------------------------------------------------------------------
> > : To unsubscribe, e-mail: atlarge-discuss-unsubscribe@lists.fitug.de
> > : For additional commands, e-mail: atlarge-discuss-help@lists.fitug.de
> > :
> > :
> > :
> >
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: atlarge-discuss-unsubscribe@lists.fitug.de
> > For additional commands, e-mail: atlarge-discuss-help@lists.fitug.de
> >
>
>   ------------------------------------------------------------------------
>
>                           Name: signature.asc
>    signature.asc          Type: application/pgp-signature
>                    Description: This is a digitally signed message part

Regards,
--
Jeffrey A. Williams
Spokesman for INEGroup - (Over 121k members/stakeholdes strong!)
CEO/DIR. Internet Network Eng/SR. Java/CORBA Development Eng.
Information Network Eng. Group. INEG. INC.
E-Mail jwkckid1@ix.netcom.com
Contact Number:  972-244-3801 or 214-244-4827
Address: 5 East Kirkwood Blvd. Grapevine Texas 75208



---------------------------------------------------------------------
To unsubscribe, e-mail: atlarge-discuss-unsubscribe@lists.fitug.de
For additional commands, e-mail: atlarge-discuss-help@lists.fitug.de