>>"Andrew" == Andrew Pimlott <[EMAIL PROTECTED]> writes:
Andrew> How about:
Andrew> - When you vote, you additionally generate a random id and submit it
Andrew> with the vote.
Andrew> - In the vote list, the secretary publishes the id next to the vote.
Andrew> You can still verify your vote, but you have no way to prove that you
Andrew> chose a particular id, so you can't convince anyone that a particular
Andrew> vote is yours.
This is in no way better than the scheme we have coded and
working right now. If someone can force you to give up your token,
they can force you to divulge your random id; and if the id is next
to the vote, you are sunk (The trick is, of course, that I'll get
your ID from you before the vote tally sheet is published, so you
can't fake it).
In one way it is worse: What if 50 people choose Mickey Flood
as their randomg ID? In the case of server generated tokens, all
tokens are _known_ to be unique. If you go to great lengths to ensure
the ID is unique so you can verify it, the person who has forced you
to give up the ID can be sure too.
Andrew> A separate matter: It's important that a sample of developers
Andrew> who did not vote verify that their names are not on the voter
Andrew> list; and that someone verify that all of the names on the
Andrew> voter list are Debian developers.
The second shall be easy: The LDAP ID's shall be provided, a
simple script can talk to LDAP and get the keys, and verify against
the official key rings.
manoj
--
Ad astra per aspera. [To the stars by aspiration.]
Manoj Srivastava <[EMAIL PROTECTED]> <http://www.debian.org/%7Esrivasta/>
1024R/C7261095 print CB D9 F4 12 68 07 E4 05 CC 2D 27 12 1D F5 E8 6E
1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
