Re: Concerns about the election process

From: Germán Poó Caamaño <gpoo ubiobio cl>
To: Behdad Esfahbod <behdad behdad org>
Cc: Ryan Lortie <desrt desrt ca>, Gabriel Burt <gabriel burt gmail com>, foundation-list gnome org, elections gnome org
Subject: Re: Concerns about the election process
Date: Mon, 27 Nov 2006 09:23:50 -0300

On Mon, 2006-11-27 at 01:22 -0500, Behdad Esfahbod wrote:

On Sun, 2006-11-26 at 20:18 -0600, Gabriel Burt wrote:

On 11/26/06, Behdad Esfahbod <behdad behdad org> wrote:

What he's saying is that, suppose you voted for me, Quim, Federico,
Dave, Bastien, Luis, and Jeff, and were given the anonymous token
0bhnyOzwLJ05jYV2phjusfe0jBYO3HZf.  How do you make sure that no one else
who voted for the same seven candidates received the same anonymous
token?


I misunderstood.  This could be solved by printing the token and the
date/time that the vote was received, couldn't it?  Is this
information being logged so it could be used in this election?
Another way could be to publish a list of people who voted, and people
can check they are listed there, and compare the number of voters to
the number of votes listed.


No.  It's not easy really.  Just because the number of voters matches
the number of anon tokens listed, doesn't mean that unique tokens were
handed out to voters.  The results can be perturbed by handing out the
same token to more than one voter, and insert phony tokens with
arbitrary votes attached to them.


It is pretty hard that two voters receive the same token.  It is
calculated using the member name, email address given to the
foundation and a secret key (one for the whole process). (I don't
think the way the token is get has changed).

For this data, having the same token (md5) two different voters
is not possible.  Collisions in md5 have been detected under
very specific circunstances.

If a valid token is introduced as a token (with anything extra
stuff there) to another voter (a fake one), it will be invalid.

There's nothing we should rush for this year.  The point is /not/ that
the election committee cannot be trusted.  The point is, if we want to
have a system in which the voters do not have to trust the election
committee, then our current system does not qualify, and for the least,
it should not be advertised like it does.


Having the list of all voters and each voter checking his or her vote,
should be enough.  IMVHO, Any voter as member of foundation has the
moral obligation to check it.

-- 
Germán Poó-Caamaño
http://www.ubiobio.cl/~gpoo/
Concepción - Chile

Follow-Ups:
- Re: Concerns about the election process
  - From: Behdad Esfahbod

References:
- Concerns about the election process
  - From: Ryan Lortie
- Re: Concerns about the election process
  - From: Baris Cicek
- Re: Concerns about the election process
  - From: Gabriel Burt
- Re: Concerns about the election process
  - From: Behdad Esfahbod
- Re: Concerns about the election process
  - From: Gabriel Burt
- Re: Concerns about the election process
  - From: Behdad Esfahbod

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]