peter karlsson <[EMAIL PROTECTED]> writes:
> > Standard procedure to do secret votes in other communities where secret
> > electronic votes[1] have been wished has been for each voter to supply
> > their own secret password (any alphanumeric string), which was then
> > published along with the vote. Those wishing to be non-anonymous
> > usually supplied their name and address as password.

On Tue, Apr 03, 2001 at 11:20:07AM -0700, lantz moore wrote:
> doesn't there still have to be a server supplied bit of randomness to
> ensure uniqueness?

Sure. If all that's required is uniqueness, a simple counter (incremented
once each time a ballot is received) would be sufficient.

> > The vote counting software throws away all information except the
> > vote and the password once the origin of the vote has been checked.
>
> would adding someone else's name and e-mail be allowed?

We already require that a person pgp sign their ballot. We reject
anything without a valid signature.

Or, as all too many people noticed -- sometimes we even reject ballots
with a valid signature. [The two big causes were: Mutt putting the wrong
headers on the message, so that we'd try to validate using the wrong
message integrity check algorithm*, and the LDAP server going down for
a short while.]

--
Raul

* I understand that there's a problem with gpg not telling mutt what this
algorithm is for the default key. However, if nothing else, mutt could
take the signed message and do a few passes over it to identify the
algorithm. And, of course, gpg can (in principle at least) be enhanced.
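
The scheme discussed in this thread, sketched as an added example that is not part of the original messages and is not the project's vote-counting software. The `BallotBox` class, the ballot field names, the receipt format and the idea of returning the receipt to the voter are all assumptions; the PGP check is represented by a `signature_valid` flag set upstream.

```python
from collections import Counter
from itertools import count


class BallotBox:
    """Stores only (receipt, vote); everything else on a ballot is discarded."""

    def __init__(self):
        self._serial = count(1)   # simple counter, one tick per ballot received
        self._records = []        # the list that gets published

    def receive(self, ballot):
        serial = next(self._serial)
        # 'signature_valid' stands in for the PGP check done before counting
        # (assumption: verification happens upstream of this code).
        if not ballot["signature_valid"]:
            return None           # rejected: nothing about it is kept
        # The counter keeps receipts unique even when two passwords collide.
        receipt = f"{serial}-{ballot['password']}"
        self._records.append((receipt, ballot["vote"]))
        return receipt            # assumption: sent back to the voter

    def published(self):
        return list(self._records)

    def tally(self):
        return Counter(vote for _, vote in self._records)


def voter_check(published, receipt, intended_vote):
    """A voter looks up their own receipt in the published list."""
    return [v for r, v in published if r == receipt] == [intended_vote]


if __name__ == "__main__":
    # Constructed sample ballots; senders and values are illustrative only.
    box = BallotBox()
    ballots = [
        {"sender": "a@example.org", "password": "s3cret", "vote": "yes", "signature_valid": True},
        {"sender": "b@example.org", "password": "xyzzy", "vote": "yes", "signature_valid": False},
        {"sender": "c@example.org", "password": "s3cret", "vote": "no", "signature_valid": True},
    ]
    print([box.receive(b) for b in ballots])
    print(box.published())
    print(dict(box.tally()))
```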

