[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [atlarge-discuss] online voting
I liked this low, medium high option. Seems like one of the main issues
for us is certifying that each voter is a real unique person, who controls
their own vote. Jamie
----- Original Message -----
From: "Stephen Waters" <swaters@amicus.com>
To: "James Love" <james.love@cptech.org>
Cc: "Eray Ozkural" <erayo@cs.bilkent.edu.tr>; "atlarge discuss list"
<atlarge-discuss@lists.fitug.de>
Sent: Wednesday, May 15, 2002 2:50 PM
Subject: Re: [atlarge-discuss] online voting
there's a difference between _requiring_ and _preferring_. I see no
reason why we can't support a few different methodologies for
authentication with different levels of trust for each method. The
purpose of differentiating between levels of trust is to reduce overall
risk by raising the bar for the possibility of compromise for as many
users as possible. I.e., a suspected compromise can be researched
starting with the most at-risk. The downside to this approach is that
more security problems can be introduced due to the variety of methods.
e.g.,
Difficulty | Trust | Method
---------- ----- ------
low high SSL-based website voting with username &
password & whatever else deemed necessary
(Postal code, Mother's maiden name,
emailed Confirmation ID, etc.)
low low ballots.atlarge.org sends out ballots to its list
of registered members with a randomly generated
reply-to address (or confirmation ID or whatever).
ballots must match the proper Mail From: address
and have the proper confirmation number.
high high emailed ballot signed with PGP key listed in
member list and inside local web-of-trust
medium medium emailed ballot signed with PGP key listed in
member list
This scenario allows members to reduce risk as they are able, but also
allows people without access to certain technologies to participate,
albeit at a more scrutinized level.
just a thought,
-s
On Wed, 2002-05-15 at 13:02, James Love wrote:
> Nothing that requires voters to use encryption will be that easy for a
> signficant number of potential at large members. Jamie
>
> ----- Original Message -----
> From: "Eray Ozkural" <erayo@cs.bilkent.edu.tr>
> To: "Stephen Waters" <swaters@amicus.com>
> Cc: <hblair@hotfootmail.com>; "atlarge discuss list"
> <atlarge-discuss@lists.fitug.de>; <debian-vote@lists.debian.org>
> Sent: Wednesday, May 15, 2002 1:42 PM
> Subject: Re: [atlarge-discuss] online voting
>
>
> : On Wednesday 15 May 2002 18:17, Stephen Waters wrote:
> : > For the voting process:
> : > 1) The Project Secretary emails out a ballot
> : > http://www.debian.org/vote/howto_vote
> : >
> : > 2) Each developer PGP signs the mail and sends it to the proper
address
> : > 3) Software tabulates the votes according to the Constitution
> : > 4) Project Secretary certifies the results
> :
> : Yes. I think it also has the kind of cryptographic secrecy and openness
> that
> : would be useful for you. I'm sure the person(s) who have designed and
> written
> : the code will be of assistance.
> :
> : Regards,
> :
> : --
> : Eray Ozkural (exa) <erayo@cs.bilkent.edu.tr>
> : Comp. Sci. Dept., Bilkent University, Ankara
> : www: http://www.cs.bilkent.edu.tr/~erayo Malfunction:
> http://mp3.com/ariza
> : GPG public key fingerprint: 360C 852F 88B0 A745 F31B EA0F 7C07 AE16
874D
> 539C
> :
> :
> : ---------------------------------------------------------------------
> : To unsubscribe, e-mail: atlarge-discuss-unsubscribe@lists.fitug.de
> : For additional commands, e-mail: atlarge-discuss-help@lists.fitug.de
> :
> :
> :
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: atlarge-discuss-unsubscribe@lists.fitug.de
> For additional commands, e-mail: atlarge-discuss-help@lists.fitug.de
>
---------------------------------------------------------------------
To unsubscribe, e-mail: atlarge-discuss-unsubscribe@lists.fitug.de
For additional commands, e-mail: atlarge-discuss-help@lists.fitug.de