Re: Spec for anonymous voting



On Wed, June 1, 2005 20:38, David Neary said:
> Hi,

Hi Dave,

First, let me say that you rock: this is far more complete than what
we talked about!

Let me start my comments with this question (since I'm not sure everybody
will read my other comments): does anyone have a problem with voting
through a secure website instead of e-mail? I don't see why this would
be a problem, but I want to be sure.

Here are some other comments:

> Proposition
> ===========
> (with use-cases addressed in brackets)
>
> The elections committee generates a unique token for each foundation
> member, and sends them an e-mail to their account with instructions how
> to vote [1].

One problem here, as you noted later, is that the e-mail could be
intercepted. A possible solution would be that the member goes to the
secure website, logs in and clicks on a "Get token" link. The token
could be pregenerated (as in the current proposed solution) or generated
at this moment (but in this case, we can't sign the token with a private
key).

> The token is a hash of the (Firstname Surname email-address) combination
> which uniquely identifies a member [1,3].

For those who wonder why: it already happened that two members had the
same e-mail address. Btw, it's what we currently do.

> The list of voters is generated after the election by taking the
> complement of the name/token pairs left in the stored elections
> committee list [6].

I don't think we want to know the list of voters. Well, I'm nearly sure
that we don't want it since people who didn't vote should be anonymous
too.

> Reasons why this proposition isn't ideal
> ========================================
>
>   - Name/token pairs are stored (trusting the infrastructure)

I see no way of not doing this since so many people delete/forget their
token each year.

>   - E-mail to foundation members could be intercepted (trusting the
> medium)
>   - We trust the election committee not to generate tokens to vote for
> their buddies (trusting the people)

Well, I hope you trust us ;-) More seriously, unless we require that
every member has a private key, I can't imagine how we could remove the
need for this trust. And as you already noted, right now, using private
keys is not really easy for everyone...

Vincent

-- 
Happy people are not in a hurry.
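
Added example, not part of the original message or of the foundation's voting scripts: a sketch of the token scheme discussed above, showing single-use tokens, two members sharing one e-mail address, and how the stored name/token pairs reveal the voter list by complement. The names `member_token`, `Election` and `voters` are hypothetical, the sample members are constructed, removing a pair when its token is used is an assumption about the proposal, and the keyed hash (HMAC with a committee-held secret) is also an assumption, since the thread only says "hash" and an unkeyed hash of name and e-mail can be recomputed by anyone who knows them.

```python
import hashlib
import hmac
import secrets


def member_token(secret, first, surname, email):
    """Keyed hash of (Firstname Surname email-address) for one member."""
    fields = [first.strip(), surname.strip(), email.strip().lower()]
    # Length-prefix each field so ("ab", "c") and ("a", "bc") cannot collide.
    msg = b"".join(len(f.encode()).to_bytes(2, "big") + f.encode() for f in fields)
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


class Election:
    def __init__(self, secret, members):
        self.members = list(members)
        # The name/token pairs stored by the elections committee.
        self.unused = {member_token(secret, *m): m for m in self.members}
        self.ballots = []  # choices only, no member identity attached

    def vote(self, token, choice):
        # A token is accepted once; unknown or reused tokens are rejected.
        if self.unused.pop(token, None) is None:
            return False
        self.ballots.append(choice)
        return True

    def voters(self):
        # Complement of the pairs left in the stored list: this is the
        # information the committee can derive about who voted.
        remaining = set(self.unused.values())
        return [m for m in self.members if m not in remaining]


if __name__ == "__main__":
    secret = secrets.token_bytes(32)  # held by the elections committee
    members = [  # constructed sample data
        ("Ann", "Example", "shared@example.org"),
        ("Bob", "Example", "shared@example.org"),  # same e-mail, distinct token
        ("Cy", "Sample", "cy@example.org"),
    ]
    election = Election(secret, members)
    ann = member_token(secret, *members[0])
    print("first vote accepted:", election.vote(ann, "candidate-1"))
    print("reuse accepted:", election.vote(ann, "candidate-2"))
    print("derivable voter list:", election.voters())
```
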


