Re: Spec for anonymous voting



On Wed, June 1, 2005 20:38, David Neary said:
Hi,

Hi Dave,

First, let me say that you rock: this is far more complete than what
we talked about!

Let me start my comments with this question (since I'm not sure everybody
will read my other comments): does anyone have a problem with voting
through a secure website instead of e-mail? I don't see why this would
be a problem, but I want to be sure.

Here are some other comments:

Proposition
===========
(with use-cases addressed in brackets)

The elections committee generates a unique token for each foundation
member, and sends them an e-mail to their account with instructions on how
to vote [1].

One problem here, as you noted later, is that the e-mail could be
intercepted. A possible solution would be that the member goes to the
secure website, logs in and clicks on a "Get token" link. The token
could be pregenerated (as in the current proposed solution) or generated
at this moment (but in this case, we can't sign the token with a private
key).

The token is a hash of the (Firstname Surname email-address) combination
which uniquely identifies a member [1,3].

For those who wonder why: it already happened that two members had the
same e-mail address. Btw, it's what we currently do.

The list of voters is generated after the election by taking the
complement of the name/token pairs left in the stored elections
committee list [6].

I don't think we want to know the list of voters. Well, I'm nearly sure
that we don't want it since people who didn't vote should be anonymous
too.

Reasons why this proposition isn't ideal
========================================

  - Name/token pairs are stored (trusting the infrastructure)

I see no way of not doing this since so many people delete/forget their
token each year.

  - E-mail to foundation members could be intercepted (trusting the
    medium)
  - We trust the election committee not to generate tokens to vote for
    their buddies (trusting the people)

Well, I hope you trust us ;-) More seriously, unless we require that
every member has a private key, I can't imagine how we could remove the
need for this trust. And as you already noted, right now, using private
keys is not really easy for everyone...

Vincent

-- 
Happy people are not in a hurry.
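
An added example, not part of the original thread or of any code used by the elections committee: the token scheme discussed above, with the token derived from the (name, e-mail) pair so that two members sharing an address still get distinct tokens and a lost token can be re-issued on request. The keyed hash (HMAC instead of a plain hash, which anyone who knows a member's name and address could compute), the key, the election id and the member data are all assumptions constructed for illustration.

```python
import hashlib
import hmac

# Constructed values for illustration only.
COMMITTEE_KEY = b"constructed-demo-key-not-for-real-use"
ELECTION_ID = "board-2005"


def _encode(*fields: str) -> bytes:
    """Length-prefix each field so ("ab", "c") and ("a", "bc") differ."""
    out = b""
    for f in fields:
        raw = f.encode("utf-8")
        out += len(raw).to_bytes(4, "big") + raw
    return out


def make_token(key: bytes, election: str, name: str, email: str) -> str:
    """Keyed hash of (election, name, email); not computable without the key."""
    msg = _encode(election, name.strip(), email.strip().lower())
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class BallotBox:
    """Accepts one ballot per valid token; stores tokens, not names."""

    def __init__(self, valid_tokens):
        self._unused = set(valid_tokens)
        self.ballots = []

    def cast(self, token: str, choice: str) -> bool:
        # Constant-time comparison against each unused token.
        match = next((t for t in self._unused
                      if hmac.compare_digest(t, token)), None)
        if match is None:
            return False  # unknown or already used token
        self._unused.remove(match)
        self.ballots.append(choice)  # ballot kept without the token
        return True


# Constructed member list; two members share one e-mail address.
MEMBERS = [("Alice Example", "family@example.org"),
           ("Bob Example", "family@example.org")]
TOKENS = [make_token(COMMITTEE_KEY, ELECTION_ID, n, e) for n, e in MEMBERS]
```

Whoever holds the key can still recompute every member's token, so the trust in the infrastructure and in the committee noted in the thread remains.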


