Re: meeting re: defining requirements for cryptographically verifiable voting software?

From: Vincent Untz <vuntz gnome org>
To: Ben Adida <ben adida net>
Cc: Ryan Lortie <desrt desrt ca>, Behdad Esfahbod <behdad behdad org>, membership-committee gnome org
Subject: Re: meeting re: defining requirements for cryptographically verifiable voting software?
Date: Tue, 6 Mar 2007 23:35:06 +0100

(removing Luis again, and putting Behdad in again ;-))

Le dimanche 04 mars 2007, à 19:42, Ben Adida a écrit :

Vincent Untz wrote:

Ben, Ryan: the meetings are on Thursday, at 13:30 UTC (if I'm not
wrong). Is this a suitable time for you? If yes, is this week okay for
you?


I can do 13:30 UTC, though later is also appreciated :)

Ben: also, is there anything we can do on our side to prepare the
meeting? We'll probably have a short list of what requirements we need,
but if there's anything else that might be nice, just tell us.


Assume your election were held in a single physical location with
everyone present... How would it be run, exactly? With that description,
I can get a clear idea of your reqs independently of the "everyone is
online" situation.


Let's at least come with this:

 + it's not possible to know who a voter voted for (anonymisity)
 + except for the voter, who can verify that is vote has been correctly
   taken into account
 + "it just works" for voters: no difficult setup for them. Web
   interface is okay, mail interface could be okay, although it's less
   friendly
 + if the voter needs a token to login, the token has to be
   'reissuable' (ie, we can invalidate the old token if it hasn't been
   used and create a new one for the voter)
 + the voter needs to confirm at least once his vote so that he's sure
   he made no error
 + ideally, nobody should be able to have an idea of the current state
   of the votes before the voting period ends
 + we have results ASAP
 + the system should be able to deal with elections and referenda

I'm probably forgetting things. And I didn't assume the election was
held in a single physical location :-)

Second, what are you current authentication bootstraps? Does everyone
have an SSH key? An SSL client-side cert? A username/password?


Nothing :-) That's a big issue. Some of our members have an SSH key, but
we don't have any real authentication for some members. Yes, that's bad
:-)

I've been thinking that since seahorse is now in GNOME, we could ask for
a PGP key. Don't know.

Vincent

-- 
Les gens heureux ne sont pas pressés.

Follow-Ups:
- Re: meeting re: defining requirements for cryptographically verifiable voting software?
  - From: Ben Adida

References:
- meeting re: defining requirements for cryptographically verifiable voting software?
  - From: Luis Villa
- Re: meeting re: defining requirements for cryptographically verifiable voting software?
  - From: Lucas Rocha
- Re: meeting re: defining requirements for cryptographically verifiable voting software?
  - From: Vincent Untz
- Re: meeting re: defining requirements for cryptographically verifiable voting software?
  - From: Ben Adida

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]