[EMAIL PROTECTED] (Ed Gerck) wrote on 12.01.01 in <[EMAIL PROTECTED]>:
> [long, but worth every megabyte]
>
> >From: "Stephen Sprunk" <[EMAIL PROTECTED]>
> >
> >Throwing encryption at voting is not enough to solve algorithmic
> >problems. Digital signatures violate ballot secrecy and provide no
> >protection against most forms of fraud.
>
> No. Digital signatures such as X.509/PKIX do violate voter privacy, but
> never ballot secrecy.
>
> In all fairness to you, maybe there is a confusion with the word "privacy".
> In this case, maybe you write "secrecy" above but you mean "privacy". BIG
> DIFFERENCE, though.
Indeed. The way you have it defined, both are one half of what must be
achieved (impossible to identify voters, and impossible to identify
votes), with both halves completely meaningless in isolation (which is why
a traditional paper vote does achieve the combination, but neither half in
isolation). Whereas the way most people define this, the two terms are two
names for the same thing, which is the whole (it must be impossible to
determine who voted what). The correlation is the problem, not the
isolated facts.
There is more obfuscation like that in your "16 requirements". Not what
I'd consider a recommendation.
> Safevote's open attack test described at www.safevote.com/tech.htm showed
> that the following attacks were 100% forestalled during the entire test for
> 24 hours a day in 5 days: (1) Denial-of-Service; (2) Large Packet Ping; (3)
> Buffer Overrun; (4) TCP SYN Flood; (5) IP Spoofing; (6) TCP Sequence Number;
> (7) IP Fragmentation; (8) Network Penetration; and other network-based
> attacks.
Grand. It withstood network level attacks. That's about the most
meaningless test possible - all it proves is the quality of the TCP stack,
it tells absolutely bloody nothing about the voting system itself.
Which in itself tells us something, and it's not a compliment.
MfG Kai
