On Wed, June 1, 2005 20:38, David Neary said:
> Hi,

Hi Dave,

First, let me say that you rock: this is far more complete than what we talked about!

Let me start my comments with this question (since I'm not sure everybody will read my other comments): does anyone have a problem with voting through a secure website instead of e-mail? I don't see why this would be a problem, but I want to be sure.

Here are some other comments:

> Proposition
> ===========
> (with use-cases addressed in brackets)
>
> The elections committee generates a unique token for each foundation
> member, and sends them an e-mail to their account with instructions how
> to vote [1].

One problem here, as you noted later, is that the e-mail could be intercepted. A possible solution would be that the member goes to the secure website, logs in and clicks on a "Get token" link. The token could be pregenerated (as in the current proposed solution) or generated at this moment (but in this case, we can't sign the token with a private key).

> The token is a hash of the (Firstname Surname email-address) combination
> which uniquely identifies a member [1,3].

For those who wonder why: it already happened that two members had the same e-mail address. Btw, it's what we currently do.

> The list of voters is generated after the election by taking the
> complement of the name/token pairs left in the stored elections
> committee list [6].

I don't think we want to know the list of voters. Well, I'm nearly sure that we don't want it since people who didn't vote should be anonymous too.

> Reasons why this proposition isn't ideal
> ========================================
>
> - Name/token pairs are stored (trusting the infrastructure)

I see no way of not doing this since so many people delete/forget their token each year.

> - E-mail to foundation members could be intercepted (trusting the
> medium)
> - We trust the election committee not to generate tokens to vote for
> their buddies (trusting the people)

Well, I hope you trust us ;-) More seriously, unless we require that every member has a private key, I can't imagine how we could remove the need for this trust. And as you already noted, right now, using private keys is not really easy for everyone...

Vincent

-- 
Happy people are not in a hurry.
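
Added example, not part of this mail and not the elections committee's own scripts: a sketch of the token scheme discussed above, where the token is derived from the (Firstname Surname email-address) triple and the ballot box accepts each token once without recording names. The thread only says "hash"; the keyed hash (HMAC with a committee-held key), the field separator, and the names `make_token` and `BallotBox` are assumptions of this example, and the member data is constructed.

```python
import hashlib
import hmac
import unicodedata


def canonical_identity(first, surname, email):
    """Encode the (Firstname Surname email-address) triple unambiguously."""
    fields = [unicodedata.normalize("NFC", f.strip()) for f in (first, surname, email)]
    # The unit separator keeps ("Ann", "Lee") distinct from ("An", "nLee").
    return "\x1f".join(fields).encode("utf-8")


def make_token(committee_key, first, surname, email):
    """Keyed hash of the identity triple (the key is this example's assumption).

    A plain hash could be recomputed by anyone who knows a member's name and
    address; with a key, only the key holder can issue or re-issue a token.
    """
    identity = canonical_identity(first, surname, email)
    return hmac.new(committee_key, identity, hashlib.sha256).hexdigest()


class BallotBox:
    """Accepts each issued token once and records votes without names."""

    def __init__(self, issued_tokens):
        self._unused = set(issued_tokens)
        self.votes = []

    def cast(self, token, choice):
        if token not in self._unused:
            return False  # unknown token, or a token that was already used
        self._unused.remove(token)
        self.votes.append(choice)
        return True


# Constructed sample data: two members sharing one e-mail address.
KEY = b"constructed-demo-key-not-a-real-secret"
MEMBERS = [
    ("Alice", "Example", "family@example.org"),
    ("Bob", "Example", "family@example.org"),
]
TOKENS = [make_token(KEY, *m) for m in MEMBERS]

if __name__ == "__main__":
    box = BallotBox(TOKENS)
    print("first use accepted:", box.cast(TOKENS[0], "candidate-1"))
    print("replay accepted:", box.cast(TOKENS[0], "candidate-2"))
    print("shared address, distinct tokens:", TOKENS[0] != TOKENS[1])
```

Because the token is a deterministic function of the key and the identity triple, a forgotten token can be re-derived by whoever holds the key; that person can equally derive anyone's token, so the trust in the committee discussed above remains.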
