On Fri, Jan 26, 2007 at 05:58:16PM -0500, Matt Blaze wrote: * * It occurs to me that the lack of secure, practical crypto primitives and * protocols that are intuitively clear to ordinary people may be why * cryptography has had so little impact on an even more important problem * than psychic debunking, namely electronic voting. I think "intuitive * cryptography" is a very important open problem for our field.
I can bring you my personal experience on this. I have been working for the last 2 years on a project about web-voting (http://eballot.ucci.it/), the system is now up and running and one election has been already done with it. I tried the best I could to make it simple and understandable, but people reactions have been worse than what I expected. Even if I tried to explain how the system works, how is the protocol, where cryptography enters etc.etc., I received comments like: - please remove all these comments about digital certificates etc., just write in the first page "protected by 128bit SSL" as everybody else does - there are too many pages, can't you give in the first page the form to vote and ask the credentials for voting, and a second page of acknowledgment that the vote has been received? - this receipt stuff and checking the votes are dangerous, please give only the totals at the end and no receipts and so on (I spare you the 'graphical design is lousy', which it is, and similar). After having talked with some people, my feeling is that the averge guy feels more confident to vote in a web-site "protected by 128bit SSL", a lot of logos, javascripts, moving objects etc. (the more stuff there is on the web site, the more impressive are the guys who made it) and a big database (better if Oracle) to store your votes. Unfortunately the voting experience on my system is exactly the opposite :-( Andrea PS. any comment on my protocol/system is greatly appreciated. -- Andrea Pasquinucci [EMAIL PROTECTED] PGP key: http://www.ucci.it/ucci_pub_key.asc fingerprint = 569B 37F6 45A4 1A17 E06F CCBB CB51 2983 6494 0DA2 --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]