On Wed, Apr 03, 2002 at 02:27:28PM -0600, Manoj Srivastava wrote:
Sven == Sven [EMAIL PROTECTED] writes:
Sven Was this md5sum not supposed to be sent in the aknowledgement
``Supposed'' to be? I don't think that it was decided to
modify the vote system, no. The best I recall is
Sven == Sven [EMAIL PROTECTED] writes:
Sven Well, i did not yet receive any kind of aknowledgement for my
Sven vote, but as i understood, it should contain some kind of id or
Sven something which i can use to check that the voting script did
Sven its job right.
I suspect you have
On Wed, Apr 03, 2002 at 02:27:28PM -0600, Manoj Srivastava wrote:
Sven == Sven [EMAIL PROTECTED] writes:
Sven Was this md5sum not supposed to be sent in the aknowledgement
``Supposed'' to be? I don't think that it was decided to
modify the vote system, no. The best I recall is
Sven == Sven [EMAIL PROTECTED] writes:
Sven Well, i did not yet receive any kind of aknowledgement for my
Sven vote, but as i understood, it should contain some kind of id or
Sven something which i can use to check that the voting script did
Sven its job right.
I suspect you have
On Wed, Apr 03, 2002 at 07:49:37PM -0600, Manoj Srivastava wrote:
Andrew == Andrew Pimlott [EMAIL PROTECTED] writes:
Andrew How about:
Andrew - When you vote, you additionally generate a random id and submit it
Andrewwith the vote.
Andrew - In the vote list, the secretary
On Thu, Apr 04, 2002 at 10:10:39AM -0500, Andrew Pimlott wrote:
I grant you that it is susceptible to someone who gets to you
before the vote. This seems very hard to defend: the enemy can just
insist that you send him your signed vote, and let him submit it.
To beat this, you would have to
On Fri, Apr 05, 2002 at 01:44:13AM +1000, Anthony Towns wrote:
On Thu, Apr 04, 2002 at 10:10:39AM -0500, Andrew Pimlott wrote:
I grant you that it is susceptible to someone who gets to you
before the vote. This seems very hard to defend: the enemy can just
insist that you send him your
On Thu, Apr 04, 2002 at 10:59:51AM -0500, Andrew Pimlott wrote:
On Fri, Apr 05, 2002 at 01:44:13AM +1000, Anthony Towns wrote:
On Thu, Apr 04, 2002 at 10:10:39AM -0500, Andrew Pimlott wrote:
I grant you that it is susceptible to someone who gets to you
before the vote. This seems very
On Fri, Apr 05, 2002 at 03:07:56AM +1000, Anthony Towns wrote:
On Thu, Apr 04, 2002 at 10:59:51AM -0500, Andrew Pimlott wrote:
But he will see that his vote wasn't counted, and punish you. How
can you foil him, without him knowing you foiled him?
How will he see that, exactly? There
On Thu, 2002-04-04 at 10:44, Anthony Towns wrote:
Actually, it's pretty easy. As part of the vote, you have an order id,
and whichever of these is highest, no matter what order the votes were
received in, is accepted. So you give the bully the vote he wants, with
`one bazillion' in the order
Hi ya cunning election frisbee-ers !
Do you think it is important that the vote-results webpage correctly
shows coerced votes ?
If a voter can be coerced to vote for someone she doesnt want to vote
for,
then she can be coerced to put a hard-to-find remote exploit in a
package she
On Thu, 04 Apr 2002, Siward de Groot wrote:
P.S. Manoj never let out that Asterix voted for Raphael !
While we're at it, it would be pretty cool to have a voting protocol
where no one, not even the secretary, can find out other peoples' votes.
Is such a thing possible?
On Thu, 2002-04-04 at 17:04, Peter Palfrader wrote:
While we're at it, it would be pretty cool to have a voting protocol
where no one, not even the secretary, can find out other peoples' votes.
Is such a thing possible?
Yes. See, for example, my followup to the vote verification thread.
On Thu, Apr 04, 2002 at 02:38:21PM -0500, Anthony DeRobertis wrote:
On Thu, 2002-04-04 at 10:44, Anthony Towns wrote:
Actually, it's pretty easy. As part of the vote, you have an order id,
and whichever of these is highest, no matter what order the votes were
received in, is accepted. So
Anthony == Anthony Towns [EMAIL PROTECTED] writes:
Actually, it's pretty easy. As part of the vote, you have an order id,
and whichever of these is highest, no matter what order the votes were
received in, is accepted. So you give the bully the vote he wants, with
`one bazillion' in
On Wed, Apr 03, 2002 at 07:49:37PM -0600, Manoj Srivastava wrote:
Andrew == Andrew Pimlott [EMAIL PROTECTED] writes:
Andrew How about:
Andrew - When you vote, you additionally generate a random id and submit it
Andrewwith the vote.
Andrew - In the vote list, the secretary
On Thu, Apr 04, 2002 at 10:10:39AM -0500, Andrew Pimlott wrote:
I grant you that it is susceptible to someone who gets to you
before the vote. This seems very hard to defend: the enemy can just
insist that you send him your signed vote, and let him submit it.
To beat this, you would have to
On Fri, Apr 05, 2002 at 01:44:13AM +1000, Anthony Towns wrote:
On Thu, Apr 04, 2002 at 10:10:39AM -0500, Andrew Pimlott wrote:
I grant you that it is susceptible to someone who gets to you
before the vote. This seems very hard to defend: the enemy can just
insist that you send him your
On Thu, Apr 04, 2002 at 10:59:51AM -0500, Andrew Pimlott wrote:
On Fri, Apr 05, 2002 at 01:44:13AM +1000, Anthony Towns wrote:
On Thu, Apr 04, 2002 at 10:10:39AM -0500, Andrew Pimlott wrote:
I grant you that it is susceptible to someone who gets to you
before the vote. This seems very
On Fri, Apr 05, 2002 at 03:07:56AM +1000, Anthony Towns wrote:
On Thu, Apr 04, 2002 at 10:59:51AM -0500, Andrew Pimlott wrote:
But he will see that his vote wasn't counted, and punish you. How
can you foil him, without him knowing you foiled him?
How will he see that, exactly? There
On Thu, 2002-04-04 at 10:44, Anthony Towns wrote:
Actually, it's pretty easy. As part of the vote, you have an order id,
and whichever of these is highest, no matter what order the votes were
received in, is accepted. So you give the bully the vote he wants, with
`one bazillion' in the order
Hi ya cunning election frisbee-ers !
Do you think it is important that the vote-results webpage correctly
shows coerced votes ?
If a voter can be coerced to vote for someone she doesnt want to vote
for,
then she can be coerced to put a hard-to-find remote exploit in a
package she
On Thu, 04 Apr 2002, Siward de Groot wrote:
P.S. Manoj never let out that Asterix voted for Raphael !
While we're at it, it would be pretty cool to have a voting protocol
where no one, not even the secretary, can find out other peoples' votes.
Is such a thing possible?
On Thu, 2002-04-04 at 17:04, Peter Palfrader wrote:
While we're at it, it would be pretty cool to have a voting protocol
where no one, not even the secretary, can find out other peoples' votes.
Is such a thing possible?
Yes. See, for example, my followup to the vote verification thread.
--
On Thu, Apr 04, 2002 at 02:38:21PM -0500, Anthony DeRobertis wrote:
On Thu, 2002-04-04 at 10:44, Anthony Towns wrote:
Actually, it's pretty easy. As part of the vote, you have an order id,
and whichever of these is highest, no matter what order the votes were
received in, is accepted. So
Anthony == Anthony Towns aj@azure.humbug.org.au writes:
Actually, it's pretty easy. As part of the vote, you have an order id,
and whichever of these is highest, no matter what order the votes were
received in, is accepted. So you give the bully the vote he wants, with
`one bazillion'
On Tue, Apr 02, 2002 at 10:02:56PM -0600, Manoj Srivastava wrote:
Drake == Drake Diedrich [EMAIL PROTECTED] writes:
Drake Easier for the voter to verify that it's the right md5sum for
Drake the loginid+vote+token? Otherwise only those intimately
We have actual developers who
Pete == Pete Ryland [EMAIL PROTECTED]
Pete Instead of token, why not just use the message-id of the
Pete voter's email?
Because the Message-ID contains identifying material. Look at the
References field above -- you'll find enough information that you
could identify the originator of
On Wed, 2002-04-03 at 14:57, Pete Ryland wrote:
And what does that buy us over md5sum(loginid + vote + token)?
Instead of token, why not just use the message-id of the voter's email?
Well, your message ID is:
[EMAIL PROTECTED]
|| ^^^ ||
date ^^
On Wed, Apr 03, 2002 at 03:17:13PM -0500, Anthony DeRobertis wrote:
On Wed, 2002-04-03 at 14:57, Pete Ryland wrote:
And what does that buy us over md5sum(loginid + vote + token)?
Instead of token, why not just use the message-id of the voter's email?
Well, your message ID is:
Pete == Pete Ryland [EMAIL PROTECTED] writes:
Pete Instead of token, why not just use the message-id of the voter's email?
These are the last 15 mesage ID's generated by my MUA:
Message-ID: [EMAIL PROTECTED]
Message-ID: [EMAIL PROTECTED]
Message-ID: [EMAIL PROTECTED]
Message-ID:
[ I just saw this in DWN. ]
Anthony Towns mailto:[EMAIL PROTECTED] wrote:
On the downside, this allows people to use that info to go up to whoever
they voted for and say Look, see, I did vote for you {give me that wad of
cash you promised,don't beat me up}, which is theoretically undesirable,
Andrew == Andrew Pimlott [EMAIL PROTECTED] writes:
Andrew How about:
Andrew - When you vote, you additionally generate a random id and submit it
Andrewwith the vote.
Andrew - In the vote list, the secretary publishes the id next to the vote.
Andrew You can still verify your vote,
Siward == Siward de Groot [EMAIL PROTECTED] writes:
Siward Howdy Manoj and list !
Siward Manoj Srivastava wrote:
Siward P.S. You wrote that Mickey Mouse voted for Bdale,
Siwardwasnt that a breach of confidentiality !?!
Keep your attributions straight: I never said that.
On Tue, Apr 02, 2002 at 07:31:59PM -0300, Gustavo Noronha Silva wrote:
[EMAIL PROTECTED] wrote:
Przebywam na urlopie do 08.04.2002
/me considers mail-bombing this email address
As if that is going to stop his stupid vacation(1)? :)
--
2. That which causes joy or happiness.
--
To
On Tue, Apr 02, 2002 at 10:02:56PM -0600, Manoj Srivastava wrote:
Drake == Drake Diedrich [EMAIL PROTECTED] writes:
Drake Easier for the voter to verify that it's the right md5sum for
Drake the loginid+vote+token? Otherwise only those intimately
We have actual developers who think
On Tue, Apr 02, 2002 at 06:11:41PM -0600, Manoj Srivastava wrote:
Siward == Siward de Groot [EMAIL PROTECTED] writes:
Siward Anthony Towns wrote:
But in any event, the problem with doing it that way is that you need
to do it before the vote starts, which we haven't done.
Sven == Sven [EMAIL PROTECTED] writes:
Sven Was this md5sum not supposed to be sent in the aknowledgement
``Supposed'' to be? I don't think that it was decided to
modify the vote system, no. The best I recall is some discussion last
year about secret ballot protocols, but that is as
Pete == Pete Ryland [EMAIL PROTECTED] writes:
Pete Instead of token, why not just use the message-id of the voter's email?
These are the last 15 mesage ID's generated by my MUA:
Message-ID: [EMAIL PROTECTED]
Message-ID: [EMAIL PROTECTED]
Message-ID: [EMAIL PROTECTED]
Message-ID: [EMAIL
Howdy Manoj and list !
Manoj Srivastava wrote:
And what does that buy us over md5sum(loginid + vote + token)?
I didnt literally say that it buys us something,
so i assume that you are really asking what advantage is in
letting voters determine the string which identifies
On Wednesday, April 3, 2002, at 05:33 PM, Siward de Groot wrote:
P.S. You wrote that Mickey Mouse voted for Bdale,
wasnt that a breach of confidentiality !?!
Marvin the Martian voted for Branden, if you care ;-)
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of
[ I just saw this in DWN. ]
Anthony Towns mailto:aj@azure.humbug.org.au wrote:
On the downside, this allows people to use that info to go up to whoever
they voted for and say Look, see, I did vote for you {give me that wad of
cash you promised,don't beat me up}, which is theoretically
Andrew == Andrew Pimlott [EMAIL PROTECTED] writes:
Andrew How about:
Andrew - When you vote, you additionally generate a random id and submit it
Andrewwith the vote.
Andrew - In the vote list, the secretary publishes the id next to the vote.
Andrew You can still verify your vote, but
Siward == Siward de Groot [EMAIL PROTECTED] writes:
Siward Howdy Manoj and list !
Siward Manoj Srivastava wrote:
Siward P.S. You wrote that Mickey Mouse voted for Bdale,
Siwardwasnt that a breach of confidentiality !?!
Keep your attributions straight: I never said that.
On Sun, Mar 31, 2002 at 02:55:45AM +1000, Anthony Towns wrote:
If we're trying to enforce accountability on the secretary, this doesn't
work. For example, if say, Bill and Betty both happen to vote the same
way (123-, say), then you can mail them both the same keyword (foo),
and publish:
Previously Hamish Moffatt wrote:
Another system I saw (many years ago, on fidonet) had the voters submit
their own keyword when voting. When the results were published, the vote
was published alongside the keyword (but no names).
With a lot of people working on a common project to chances of
Anthony Towns wrote:
But in any event, the problem with doing it that way is that you need
to do it before the vote starts, which we haven't done.
not necessarily,
secretary could ask for these keywords separately,
and match them to votes by name of voter,
if he had the time.
have
Przebywam na urlopie do 08.04.2002
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
On Tue, 02 Apr 2002 23:32:12 +0200
[EMAIL PROTECTED] wrote:
Przebywam na urlopie do 08.04.2002
/me considers mail-bombing this email address
[]s!
--
[EMAIL PROTECTED]: Gustavo Noronha http://people.debian.org/~kov
Debian: http://www.debian.org * http://debian-br.cipsga.org.br
--
To
On Tue, Apr 02, 2002 at 06:11:41PM -0600, Manoj Srivastava wrote:
And what does that buy us over md5sum(loginid + vote + token)?
Easier for the voter to verify that it's the right md5sum for the
loginid+vote+token? Otherwise only those intimately familiar with the vote
encoding
Drake == Drake Diedrich [EMAIL PROTECTED] writes:
Drake Easier for the voter to verify that it's the right md5sum for
Drake the loginid+vote+token? Otherwise only those intimately
We have actual developers who think taking a md5sum is arcane?
I suppose if a simple command line
On Sun, Mar 31, 2002 at 02:55:45AM +1000, Anthony Towns wrote:
If we're trying to enforce accountability on the secretary, this doesn't
work. For example, if say, Bill and Betty both happen to vote the same
way (123-, say), then you can mail them both the same keyword (foo),
and publish:
Previously Hamish Moffatt wrote:
Another system I saw (many years ago, on fidonet) had the voters submit
their own keyword when voting. When the results were published, the vote
was published alongside the keyword (but no names).
With a lot of people working on a common project to chances of
On Tue, Apr 02, 2002 at 01:33:38PM +0200, Wichert Akkerman wrote:
Previously Hamish Moffatt wrote:
Another system I saw (many years ago, on fidonet) had the voters submit
their own keyword when voting. When the results were published, the vote
was published alongside the keyword (but no
Anthony Towns wrote:
But in any event, the problem with doing it that way is that you need
to do it before the vote starts, which we haven't done.
not necessarily,
secretary could ask for these keywords separately,
and match them to votes by name of voter,
if he had the time.
have
Przebywam na urlopie do 08.04.2002
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Siward == Siward de Groot [EMAIL PROTECTED] writes:
Siward Anthony Towns wrote:
But in any event, the problem with doing it that way is that you need
to do it before the vote starts, which we haven't done.
Siward not necessarily,
Siward secretary could ask for these keywords
On Tue, 02 Apr 2002 23:32:12 +0200
[EMAIL PROTECTED] wrote:
Przebywam na urlopie do 08.04.2002
/me considers mail-bombing this email address
[]s!
--
[EMAIL PROTECTED]: Gustavo Noronha http://people.debian.org/~kov
Debian: http://www.debian.org * http://debian-br.cipsga.org.br
--
To
On Tue, Apr 02, 2002 at 06:11:41PM -0600, Manoj Srivastava wrote:
And what does that buy us over md5sum(loginid + vote + token)?
Easier for the voter to verify that it's the right md5sum for the
loginid+vote+token? Otherwise only those intimately familiar with the vote
encoding are
Drake == Drake Diedrich [EMAIL PROTECTED] writes:
Drake Easier for the voter to verify that it's the right md5sum for
Drake the loginid+vote+token? Otherwise only those intimately
We have actual developers who think taking a md5sum is arcane?
I suppose if a simple command line
60 matches
Mail list logo