there's a difference between _requiring_ and _preferring_. I see no reason why we can't support a few different methodologies for authentication with different levels of trust for each method. The purpose of differentiating between levels of trust is to reduce overall risk by raising the bar for the possibility of compromise for as many users as possible. I.e., a suspected compromise can be researched starting with the most at-risk. The downside to this approach is that more security problems can be introduced due to the variety of methods. e.g., Difficulty | Trust | Method ---------- ----- ------ low high SSL-based website voting with username & password & whatever else deemed necessary (Postal code, Mother's maiden name, emailed Confirmation ID, etc.) low low ballots.atlarge.org sends out ballots to its list of registered members with a randomly generated reply-to address (or confirmation ID or whatever). ballots must match the proper Mail From: address and have the proper confirmation number. high high emailed ballot signed with PGP key listed in member list and inside local web-of-trust medium medium emailed ballot signed with PGP key listed in member list This scenario allows members to reduce risk as they are able, but also allows people without access to certain technologies to participate, albeit at a more scrutinized level. just a thought, -s On Wed, 2002-05-15 at 13:02, James Love wrote: > Nothing that requires voters to use encryption will be that easy for a > signficant number of potential at large members. Jamie > > ----- Original Message ----- > From: "Eray Ozkural" <erayo@cs.bilkent.edu.tr> > To: "Stephen Waters" <swaters@amicus.com> > Cc: <hblair@hotfootmail.com>; "atlarge discuss list" > <atlarge-discuss@lists.fitug.de>; <debian-vote@lists.debian.org> > Sent: Wednesday, May 15, 2002 1:42 PM > Subject: Re: [atlarge-discuss] online voting > > > : On Wednesday 15 May 2002 18:17, Stephen Waters wrote: > : > For the voting process: > : > 1) The Project Secretary emails out a ballot > : > http://www.debian.org/vote/howto_vote > : > > : > 2) Each developer PGP signs the mail and sends it to the proper address > : > 3) Software tabulates the votes according to the Constitution > : > 4) Project Secretary certifies the results > : > : Yes. I think it also has the kind of cryptographic secrecy and openness > that > : would be useful for you. I'm sure the person(s) who have designed and > written > : the code will be of assistance. > : > : Regards, > : > : -- > : Eray Ozkural (exa) <erayo@cs.bilkent.edu.tr> > : Comp. Sci. Dept., Bilkent University, Ankara > : www: http://www.cs.bilkent.edu.tr/~erayo Malfunction: > http://mp3.com/ariza > : GPG public key fingerprint: 360C 852F 88B0 A745 F31B EA0F 7C07 AE16 874D > 539C > : > : > : --------------------------------------------------------------------- > : To unsubscribe, e-mail: atlarge-discuss-unsubscribe@lists.fitug.de > : For additional commands, e-mail: atlarge-discuss-help@lists.fitug.de > : > : > : > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: atlarge-discuss-unsubscribe@lists.fitug.de > For additional commands, e-mail: atlarge-discuss-help@lists.fitug.de >
This is a digitally signed message part