Re: meeting re: defining requirements for cryptographically verifiable voting software?
- From: Vincent Untz <vuntz gnome org>
- To: Ben Adida <ben adida net>
- Cc: Ryan Lortie <desrt desrt ca>, Behdad Esfahbod <behdad behdad org>, membership-committee gnome org
- Subject: Re: meeting re: defining requirements for cryptographically verifiable voting software?
- Date: Tue, 6 Mar 2007 23:35:06 +0100
(removing Luis again, and putting Behdad in again ;-))
Le dimanche 04 mars 2007, à 19:42, Ben Adida a écrit :
Vincent Untz wrote:
Ben, Ryan: the meetings are on Thursday, at 13:30 UTC (if I'm not
wrong). Is this a suitable time for you? If yes, is this week okay for
I can do 13:30 UTC, though later is also appreciated :)
Ben: also, is there anything we can do on our side to prepare the
meeting? We'll probably have a short list of what requirements we need,
but if there's anything else that might be nice, just tell us.
Assume your election were held in a single physical location with
everyone present... How would it be run, exactly? With that description,
I can get a clear idea of your reqs independently of the "everyone is
Let's at least come with this:
+ it's not possible to know who a voter voted for (anonymisity)
+ except for the voter, who can verify that is vote has been correctly
taken into account
+ "it just works" for voters: no difficult setup for them. Web
interface is okay, mail interface could be okay, although it's less
+ if the voter needs a token to login, the token has to be
'reissuable' (ie, we can invalidate the old token if it hasn't been
used and create a new one for the voter)
+ the voter needs to confirm at least once his vote so that he's sure
he made no error
+ ideally, nobody should be able to have an idea of the current state
of the votes before the voting period ends
+ we have results ASAP
+ the system should be able to deal with elections and referenda
I'm probably forgetting things. And I didn't assume the election was
held in a single physical location :-)
Second, what are you current authentication bootstraps? Does everyone
have an SSH key? An SSL client-side cert? A username/password?
Nothing :-) That's a big issue. Some of our members have an SSH key, but
we don't have any real authentication for some members. Yes, that's bad
I've been thinking that since seahorse is now in GNOME, we could ask for
a PGP key. Don't know.
Les gens heureux ne sont pas pressés.
] [Thread Prev