Re: Spec for anonymous voting

On Wed, June 1, 2005 20:38, David Neary said:
> Hi,

Hi Dave,

First, let me say that you rock: this is far more complete than what
we talked about!

Let me start my comments by this question (since I'm not sure everybody
will read my other comments): does anyone have a problem with voting
through a secure website instead of e-mail? I don't see why this would
be a problem, but I want to be sure.

Here are some other comments:

> Proposition
> ===========
> (with use-cases addressed in brackets)
> The elections committee generates a unique token for each foundation
> member, and sends them an e-mail to their account with instructions how
> to vote [1].

One problem here, as you noted later, is that the e-mail could be
intercepted. A possible solution would be that the member goes to the
secure website, logs in and click on a "Get token" link. The token
could be pregenerated (as in the current proposed solution) or generated
at this moment (but in this case, we can't sign the token with a private

> The token is a hash of the (Firstname Surname email-address) combination
> which uniquely identifies a member [1,3].

For those who wonder why: it already happened that two members had the
same e-mail address. Btw, it's what we currently do.

> The list of voters is generated after the election by taking the
> compliment of the name/token pairs left in the stored elections
> committee list [6].

I don't think we want to know the list of voters. Well, I'm nearly sure
that we don't want it since people who didn't vote should be anonymous

> Reasons why this proposition isn't ideal
> ========================================
>   - Name/token pairs are stored (trusting the infrastructure)

I see no way of not doing this since so many people delete/forget their
token each year.

>   - E-mail to foundation members could be intercepted (trusting the
> medium)
>   - We trust the election committee not to generate tokens to vote for
> their buddies (trusting the people)

Well, I hope you trust us ;-) More seriously, unless we require that
every member has a private key, I can't imagine how we could remove the
need for this trust. And as you already noted, right now, using private
keys is not really easy for everyone...


Les gens heureux ne sont pas pressés.

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]