[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [atlarge-discuss] online voting
Stephen and all stakeholders of interested parties,
I agree with you here Stephen. And the technology is available
and in use to do this. However I don't see a great need for
very high level of security for voting purposes...
Stephen Waters wrote:
> there's a difference between _requiring_ and _preferring_. I see no
> reason why we can't support a few different methodologies for
> authentication with different levels of trust for each method. The
> purpose of differentiating between levels of trust is to reduce overall
> risk by raising the bar for the possibility of compromise for as many
> users as possible. I.e., a suspected compromise can be researched
> starting with the most at-risk. The downside to this approach is that
> more security problems can be introduced due to the variety of methods.
>
> e.g.,
>
> Difficulty | Trust | Method
> ---------- ----- ------
> low high SSL-based website voting with username &
> password & whatever else deemed necessary
> (Postal code, Mother's maiden name,
> emailed Confirmation ID, etc.)
>
> low low ballots.atlarge.org sends out ballots to its list
> of registered members with a randomly generated
> reply-to address (or confirmation ID or whatever).
> ballots must match the proper Mail From: address
> and have the proper confirmation number.
>
> high high emailed ballot signed with PGP key listed in
> member list and inside local web-of-trust
>
> medium medium emailed ballot signed with PGP key listed in
> member list
>
> This scenario allows members to reduce risk as they are able, but also
> allows people without access to certain technologies to participate,
> albeit at a more scrutinized level.
>
> just a thought,
> -s
>
> On Wed, 2002-05-15 at 13:02, James Love wrote:
> > Nothing that requires voters to use encryption will be that easy for a
> > signficant number of potential at large members. Jamie
> >
> > ----- Original Message -----
> > From: "Eray Ozkural" <erayo@cs.bilkent.edu.tr>
> > To: "Stephen Waters" <swaters@amicus.com>
> > Cc: <hblair@hotfootmail.com>; "atlarge discuss list"
> > <atlarge-discuss@lists.fitug.de>; <debian-vote@lists.debian.org>
> > Sent: Wednesday, May 15, 2002 1:42 PM
> > Subject: Re: [atlarge-discuss] online voting
> >
> >
> > : On Wednesday 15 May 2002 18:17, Stephen Waters wrote:
> > : > For the voting process:
> > : > 1) The Project Secretary emails out a ballot
> > : > http://www.debian.org/vote/howto_vote
> > : >
> > : > 2) Each developer PGP signs the mail and sends it to the proper address
> > : > 3) Software tabulates the votes according to the Constitution
> > : > 4) Project Secretary certifies the results
> > :
> > : Yes. I think it also has the kind of cryptographic secrecy and openness
> > that
> > : would be useful for you. I'm sure the person(s) who have designed and
> > written
> > : the code will be of assistance.
> > :
> > : Regards,
> > :
> > : --
> > : Eray Ozkural (exa) <erayo@cs.bilkent.edu.tr>
> > : Comp. Sci. Dept., Bilkent University, Ankara
> > : www: http://www.cs.bilkent.edu.tr/~erayo Malfunction:
> > http://mp3.com/ariza
> > : GPG public key fingerprint: 360C 852F 88B0 A745 F31B EA0F 7C07 AE16 874D
> > 539C
> > :
> > :
> > : ---------------------------------------------------------------------
> > : To unsubscribe, e-mail: atlarge-discuss-unsubscribe@lists.fitug.de
> > : For additional commands, e-mail: atlarge-discuss-help@lists.fitug.de
> > :
> > :
> > :
> >
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: atlarge-discuss-unsubscribe@lists.fitug.de
> > For additional commands, e-mail: atlarge-discuss-help@lists.fitug.de
> >
>
> ------------------------------------------------------------------------
>
> Name: signature.asc
> signature.asc Type: application/pgp-signature
> Description: This is a digitally signed message part
Regards,
--
Jeffrey A. Williams
Spokesman for INEGroup - (Over 121k members/stakeholdes strong!)
CEO/DIR. Internet Network Eng/SR. Java/CORBA Development Eng.
Information Network Eng. Group. INEG. INC.
E-Mail jwkckid1@ix.netcom.com
Contact Number: 972-244-3801 or 214-244-4827
Address: 5 East Kirkwood Blvd. Grapevine Texas 75208
---------------------------------------------------------------------
To unsubscribe, e-mail: atlarge-discuss-unsubscribe@lists.fitug.de
For additional commands, e-mail: atlarge-discuss-help@lists.fitug.de