Re: Vote for the Debian Project Leader Election 2005
Well... So much for:

1) secret ballots
2) reading directions

On Thu, Mar 24, 2005 at 08:44:29PM +0100, Emmanuel le Chevoir wrote:
> - - -=-=-=-=-=- Don't Delete Anything Between These Lines =-=-=-=-=-=-=-=-
> 46348448-74a5-40ae-a651-49704435ae8c
> [ 3 ] Choice 1: Jonathan Walther
> [ 6 ] Choice 2: Matthew Garrett
> [ 2 ] Choice 3: Branden Robinson
> [ 1 ] Choice 4: Anthony Towns
> [ 5 ] Choice 5: Angus Lees
> [ 4 ] Choice 6: Andreas Schuldei
> [ ] Choice 7: None Of The Above
> - - -=-=-=-=-=- Don't Delete Anything Between These Lines =-=-=-=-=-=-=-=-
>
> --
> Emmanuel le Chevoir

--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Vote for the Debian Project Leader Election 2005
Hi

John Goerzen wrote:
> Well... So much for:
>
> 1) secret ballots
> 2) reading directions

You should mail it signed, but not encrypted to [EMAIL PROTECTED]

You might have the same problem [0] as some others [1] [2] [3].

You'll be listed [4] as a unique voter [5] if your vote arrives.

Cheers

Luk

[0] http://lists.debian.org/debian-vote/2005/03/msg00835.html
[1] http://lists.debian.org/debian-vote/2005/03/msg00822.html
[2] http://lists.debian.org/debian-vote/2005/03/msg00844.html
[3] http://lists.debian.org/debian-vote/2005/03/msg00850.html
[4] http://master.debian.org/~srivasta/leader2005.html
[5] http://master.debian.org/~srivasta/leader2005_voters.txt
Re: Vote for the Debian Project Leader Election 2005
John Goerzen wrote:
> Well... So much for:
>
> 1) secret ballots
> 2) reading directions

Reading is a lost art nowadays. -- Michael Weber

I'm also quite appalled by the vote. *sigh*

Regards,

Joey

--
No question is too silly to ask, but, of course, some are too silly to answer. -- Perl book
Re: Vote for the Debian Project Leader Election 2005
I'm amazed at how little people seem to have done to inform themselves about all the candidates, myself.

--
David N. Welton - http://www.dedasys.com/davidw/
Apache, Linux, Tcl Consulting - http://www.dedasys.com/
Re: Vote for the Debian Project Leader Election 2005
On Thu, Mar 24, 2005 at 09:12:51PM +0100, David N. Welton wrote:
> I'm amazed at how little people seem to have done to inform themselves about all the candidates, myself.

Just because people vote in a way that you might not does not mean they are uninformed. It just means we are all looking for different things from our new overlord...

Steve
--
Re: Vote for the Debian Project Leader Election 2005
Steve Kemp [EMAIL PROTECTED] writes:
> On Thu, Mar 24, 2005 at 09:12:51PM +0100, David N. Welton wrote:
> > I'm amazed at how little people seem to have done to inform themselves about all the candidates, myself.
>
> Just because people vote in a way that you might not does not mean they are uninformed.

I'm not convinced.

--
David N. Welton - http://www.dedasys.com/davidw/
Apache, Linux, Tcl Consulting - http://www.dedasys.com/
Re: Vote for the Debian Project Leader Election 2005
On 20050324T135006-0600, John Goerzen wrote:
> Well... So much for:
>
> 1) secret ballots

Secret ballots mean that the actual ballots are never published by the secretary. It does not mean that voters are not allowed to make their choice public (or to claim they voted in a particular way, despite having voted differently).

The point of a secret vote is to make sure vote buying is ineffective, since under secret ballots the buyer is unable to verify that the voter actually cast the ballot he or she claimed to have cast; and that point is preserved even if some of us publish our (real or fake, you can't tell) choices.

--
Antti-Juhani Kaijanaho, Debian developer
http://kaijanaho.info/antti-juhani/blog/en/debian
Re: Vote for the Debian Project Leader Election 2005
On Fri, Mar 25, 2005 at 01:13:49AM +0200, Antti-Juhani Kaijanaho wrote:
> The point of a secret vote is to make sure vote buying is ineffective, since under secret ballots the buyer is unable to verify that the voter actually cast the ballot he or she claimed to have cast; and that point is preserved even if some of us publish our (real or fake, you can't tell) choices.

Eh, the buyer can demand proof, the same proof a voter has to verify his vote is tallied: ask the secret token. Assuming md5 is a strong hash, this way a voter can prove his/her ballot if (s)he wishes to publicly (or privately) show to have voted in a given way.

As far as I know, the real reason is to enable it for people to vote without worrying to hurt a person (DPL-candidate), for example that one ranks a friend quite low because one doesn't think he'd make a good DPL. Voting for people is necessarily a more personal affair than voting for something more abstract like a GR about the constitution.

--Jeroen

--
Jeroen van Wolffelaar
[EMAIL PROTECTED] (also for Jabber MSN; ICQ: 33944357)
http://Jeroen.A-Eskwadraat.nl
Re: Vote for the Debian Project Leader Election 2005
[EMAIL PROTECTED] (David N. Welton) wrote:
> Just to be clear, nothing against Anthony Towns. I think he'd do alright as DPL.

Sounds like you've asked a few people and are now hedging your bets!
Re: Vote for the Debian Project Leader Election 2005
On 20050325T002711+0100, Jeroen van Wolffelaar wrote:
> Eh, the buyer can demand proof, the same proof a voter has to verify his vote is tallied: ask the secret token. Assuming md5 is a strong hash, this way a voter can prove his/her ballot if (s)he wishes to publicly (or privately) show to have voted in a given way.

Ouch. Nasty. Bad.

(This is one of the reasons why real elections have partisan observers present in vote counting: you cannot give the voter proof of his vote being counted, so you need another way to ensure public trust in the process.)

> As far as I know, the real reason is to enable it for people to vote without worrying to hurt a person (DPL-candidate), for example that one ranks a friend quite low because one doesn't think he'd make a good DPL. Voting for people is necessarily a more personal affair than voting for something more abstract like a GR about the constitution.

Sure, and that is a good argument for this kind of secrecy. However, the reason I gave is the reason secret ballots are a requirement in democratic government. (I include in vote buying the nastier practices of blackmail and duress.)

--
Antti-Juhani Kaijanaho, Debian developer
http://kaijanaho.info/antti-juhani/blog/en/debian
Re: Vote for the Debian Project Leader Election 2005
[EMAIL PROTECTED] (David N. Welton) writes:
> Steve Kemp [EMAIL PROTECTED] writes:
> > On Thu, Mar 24, 2005 at 09:12:51PM +0100, David N. Welton wrote:
> > > I'm amazed at how little people seem to have done to inform themselves about all the candidates, myself.
> >
> > Just because people vote in a way that you might not does not mean they are uninformed.
>
> I'm not convinced.

Happily, the OP still has a chance to change his mind ;-)

--
Roger Leigh
Printing on GNU/Linux? http://gimp-print.sourceforge.net/
Debian GNU/Linux http://www.debian.org/
GPG Public Key: 0x25BFB848. Please sign and encrypt your mail.
Re: Vote for the Debian Project Leader Election 2005
On Thursday, 24 March 2005 16:52, Roger Leigh wrote:
> [EMAIL PROTECTED] (David N. Welton) writes:
> > Steve Kemp [EMAIL PROTECTED] writes:
> > > On Thu, Mar 24, 2005 at 09:12:51PM +0100, David N. Welton wrote:
> > > > I'm amazed at how little people seem to have done to inform themselves about all the candidates, myself.
> > >
> > > Just because people vote in a way that you might not does not mean they are uninformed.
> >
> > I'm not convinced.
>
> Happily, the OP still has a chance to change his mind ;-)

Unless someone else sends in his already signed ballot...

--
Wesley J. Landaker [EMAIL PROTECTED]
OpenPGP FP: 4135 2A3B 4726 ACC5 9094 0097 F0A9 8A4C 4CD6 E3D2
Ballots and one way hashes
On Fri, Mar 25, 2005 at 12:27:11AM +0100, Jeroen van Wolffelaar wrote:
> Eh, the buyer can demand proof, the same proof a voter has to verify his vote is tallied: ask the secret token. Assuming md5 is a strong hash, this way a voter can prove his/her ballot if (s)he wishes to publicly (or privately) show to have voted in a given way.

One-way hashes of whatever algorithm are quite pointless with only a couple million combinations (only 5040 combinations if you don't mark any choices equally and don't leave any choices blank). You'd want to also include a significant amount of salt (say, a paragraph of your own free-form text to go with it) to make it worth bothering with a one-way hash.

Or (and I don't know if the voting system allows it) use random moderately large numbers instead of 1 through 7. For example instead of voting 1, 2, 3, 4, 5, 6, 7, vote 14252017, 75124742, 135250896, 207909366, 242590248, 315188948, 562712955.

--
Robert Woodcock - [EMAIL PROTECTED]
perl -e '$a-=($_%4-2)*4/$_++while++$_2e6;print$a\n'
Re: Ballots and one way hashes
On Thu, Mar 24, 2005 at 04:55:35PM -0800, Robert Woodcock wrote:
> On Fri, Mar 25, 2005 at 12:27:11AM +0100, Jeroen van Wolffelaar wrote:
> > Eh, the buyer can demand proof, the same proof a voter has to verify his vote is tallied: ask the secret token. Assuming md5 is a strong hash, this way a voter can prove his/her ballot if (s)he wishes to publicly (or privately) show to have voted in a given way.
>
> One-way hashes of whatever algorithm are quite pointless with only a couple million combinations (only 5040 combinations if you don't mark any choices equally and don't leave any choices blank).

Eh, I see you didn't vote yet, but the way it works in Debian, with a 14-character alphanumeric token your login, it works fine. Note that not your vote is one-way hashed (then you have no way to check the secretary on whether the votes are correctly tallied), but just the hash next to your vote.

See the 2004 DPL elections[1] for how this looks like. Without the token, you cannot look up which vote is whose, but with a token, you, and anyone you give the token, can find out what vote was tallied of yourself. And assuming collisions happen with probability zero, the md5sum is unique too.

--Jeroen

[1] http://www.debian.org/vote/2004/leader2004_tally.txt

--
Jeroen van Wolffelaar
[EMAIL PROTECTED] (also for Jabber MSN; ICQ: 33944357)
http://Jeroen.A-Eskwadraat.nl
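Added example (not part of any message in this thread, and not devotee's code): the two schemes discussed in the two messages above, a bare hash of the ballot versus a tally line keyed by a hash over a secret token and the login. The ballot encoding, the token-then-login layout of the tally key and the login `alice` are assumptions made for illustration.

```python
import hashlib
import itertools
import secrets
import string

N_CHOICES = 7  # seven ballot lines, as on the 2005 ballot

def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()

def encode(ranking) -> bytes:
    # Assumed encoding for this example: the ranks in ballot order.
    return "".join(str(rank) for rank in ranking).encode()

def strict_rankings():
    # Every choice ranked, no ties, no blanks: 7! = 5040 possible ballots.
    return itertools.permutations(range(1, N_CHOICES + 1))

def loose_ballot_count() -> int:
    # Each line blank or ranked 1..7, ties allowed: 8**7, "a couple million".
    return (N_CHOICES + 1) ** N_CHOICES

def recover_ballot(digest: str, salt: bytes = b""):
    """Try every strict ranking; return the one that hashes to digest, else None."""
    for ranking in strict_rankings():
        if md5_hex(salt + encode(ranking)) == digest:
            return ranking
    return None

def new_token(length: int = 14) -> str:
    # 14-character alphanumeric token, the length mentioned in the thread.
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))

def tally_key(token: str, login: str) -> str:
    # Assumed layout: md5 over token followed by login, published next to the vote.
    return md5_hex((token + login).encode())

def find_vote(tally: dict, token: str, login: str):
    # Holding the token is what lets someone compute the key and find the line.
    return tally.get(tally_key(token, login))

if __name__ == "__main__":
    ballot = (2, 5, 1, 7, 3, 6, 4)  # constructed sample ballot
    # A bare hash of the ballot is found within 5040 guesses ...
    print(recover_ballot(md5_hex(encode(ballot))))
    # ... while the same search fails once an unknown random salt is mixed in.
    salt = new_token().encode()
    print(recover_ballot(md5_hex(salt + encode(ballot))))
    # Tally sheet keyed by md5(token + login): the token links voter to vote.
    token = new_token()
    tally = {tally_key(token, "alice"): ballot}
    print(find_vote(tally, token, "alice"), find_vote(tally, new_token(), "alice"))
```

The last line also shows the vote-selling concern raised earlier in the thread: whoever is handed the token can look up the tallied ballot exactly as the voter can.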
Re: Vote for the Debian Project Leader Election 2005
Wesley J Landaker [EMAIL PROTECTED] wrote:
> On Thursday, 24 March 2005 16:52, Roger Leigh wrote:
> > Happily, the OP still has a chance to change his mind ;-)
>
> Unless someone else sends in his already signed ballot...

You can send in multiple ballots. Only the last one will count. As a result, you're free to change your mind up until the deadline.

Possibly this should be more widely publicised?

--
Matthew Garrett | [EMAIL PROTECTED]
Re: Vote for the Debian Project Leader Election 2005
On Fri, Mar 25, 2005 at 02:57:43AM +, Matthew Garrett wrote:
> Wesley J Landaker [EMAIL PROTECTED] wrote:
> > On Thursday, 24 March 2005 16:52, Roger Leigh wrote:
> > > Happily, the OP still has a chance to change his mind ;-)
> >
> > Unless someone else sends in his already signed ballot...
>
> You can send in multiple ballots. Only the last one will count. As a result, you're free to change your mind up until the deadline.

I think that Wesley may be thinking more along the lines of a simple replay attack -- if you *do* change your mind, your earlier (publicly posted) ballot can be fed back into the system again, to reset your preferences to those you originally chose.

Since the voter gets a return e-mail, they'd likely know about it, but if the attacker was clever and threw your ballot in right before the deadline, you wouldn't have enough time to correct it, and would need to bother Manoj to get it sorted out.

- Matt
Re: Vote for the Debian Project Leader Election 2005
On Thursday, 24 March 2005 19:57, Matthew Garrett wrote:
> Wesley J Landaker [EMAIL PROTECTED] wrote:
> > On Thursday, 24 March 2005 16:52, Roger Leigh wrote:
> > > Happily, the OP still has a chance to change his mind ;-)
> >
> > Unless someone else sends in his already signed ballot...
>
> You can send in multiple ballots. Only the last one will count. As a result, you're free to change your mind up until the deadline.
>
> Possibly this should be more widely publicised?

Ah, well, that's good to know! Now I have time to change my mind as well... ;)

--
Wesley J. Landaker [EMAIL PROTECTED]
OpenPGP FP: 4135 2A3B 4726 ACC5 9094 0097 F0A9 8A4C 4CD6 E3D2
Re: Vote for the Debian Project Leader Election 2005
On Thursday, 24 March 2005 20:15, Matthew Palmer wrote:
> On Fri, Mar 25, 2005 at 02:57:43AM +, Matthew Garrett wrote:
> > Wesley J Landaker [EMAIL PROTECTED] wrote:
> > > On Thursday, 24 March 2005 16:52, Roger Leigh wrote:
> > > > Happily, the OP still has a chance to change his mind ;-)
> > >
> > > Unless someone else sends in his already signed ballot...
> >
> > You can send in multiple ballots. Only the last one will count. As a result, you're free to change your mind up until the deadline.
>
> I think that Wesley may be thinking more along the lines of a simple replay attack -- if you *do* change your mind, your earlier (publicly posted) ballot can be fed back into the system again, to reset your preferences to those you originally chose.

Actually, I was thinking of replay, but was thinking in terms of the system only accepting one vote, but since it accepts it more than once, this is also an attack... of course, it's irrelevant if you never change your mind. (=

> Since the voter gets a return e-mail, they'd likely know about it, but if the attacker was clever and threw your ballot in right before the deadline, you wouldn't have enough time to correct it, and would need to bother Manoj to get it sorted out.

Yeah, it seems this would be possible in the current system. One way to work around this would be to reject vote e-mails that are identical to ones seen before (say, save a md5sum of the signed portion of the e-mail, *including* the GPG signature block).

--
Wesley J. Landaker [EMAIL PROTECTED]
OpenPGP FP: 4135 2A3B 4726 ACC5 9094 0097 F0A9 8A4C 4CD6 E3D2
Re: Vote for the Debian Project Leader Election 2005
Matthew Palmer [EMAIL PROTECTED] wrote:
> I think that Wesley may be thinking more along the lines of a simple replay attack -- if you *do* change your mind, your earlier (publicly posted) ballot can be fed back into the system again, to reset your preferences to those you originally chose.

I /believe/ that there's a replay cache to prevent a naive replay attack - I'm not sure if it insists that the order of signing is consistent with the order of receipt.

--
Matthew Garrett | [EMAIL PROTECTED]
Re: Vote for the Debian Project Leader Election 2005
* Wesley J Landaker [Thu, 24 Mar 2005 20:23:34 -0700]:
> On Thursday, 24 March 2005 20:15, Matthew Palmer wrote:
> > Since the voter gets a return e-mail, they'd likely know about it, but if the attacker was clever and threw your ballot in right before the deadline, you wouldn't have enough time to correct it, and would need to bother Manoj to get it sorted out.
>
> Yeah, it seems this would be possible in the current system. One way to work around this would be to reject vote e-mails that are identical to ones seen before (say, save a md5sum of the signed portion of the e-mail, *including* the GPG signature block).

I've been told on IRC that devotee currently has such a replay-guard mechanism. Perhaps Manoj can confirm, and comment a bit about the implemented safeguards? (Or point to the relevant explanation pages, of course.)

--
Adeodato Simó
EM: asp16 [ykwim] alu.ua.es | PK: DA6AE621

Algebraic symbols are used when you do not know what you are talking about.
-- Philippe Schnoebelen
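Added example (not part of any message in this thread, and not devotee's code): a toy ballot receiver combining the duplicate check Wesley J. Landaker proposes with the signing-order check Matthew Garrett asks about, to show what each one stops. `BallotBox`, `signed`, `run` and all sample data are hypothetical; signature verification is assumed to have happened already, with `signed_at` taken from the verified signature.

```python
import hashlib

class BallotBox:
    """Toy receiver: the last accepted ballot per voter is the one that counts."""

    def __init__(self, check_signing_order: bool):
        self.check_signing_order = check_signing_order
        self.seen = set()   # digests of every signed message already accepted
        self.current = {}   # voter -> (signature time, ranking)

    def submit(self, voter: str, signed_at: int, ranking: str, signed_blob: bytes) -> str:
        # signed_blob is the signed text plus the signature block, as proposed.
        # The post suggests an md5sum; SHA-256 is swapped in here.
        digest = hashlib.sha256(signed_blob).hexdigest()
        if digest in self.seen:
            return "duplicate"          # byte-identical message seen before
        previous = self.current.get(voter)
        if self.check_signing_order and previous and signed_at <= previous[0]:
            return "stale"              # signed before the ballot now on file
        self.seen.add(digest)
        self.current[voter] = (signed_at, ranking)
        return "accepted"

def signed(ranking: str, signed_at: int) -> bytes:
    # Constructed stand-in for a clear-signed mail, not a real OpenPGP message.
    return f"BALLOT {ranking}\nSIGNATURE t={signed_at}\n".encode()

def run(box: BallotBox, deliveries):
    """Feed (voter, signed_at, ranking) tuples in order of receipt."""
    results = [box.submit(v, t, r, signed(r, t)) for v, t, r in deliveries]
    return results, {voter: entry[1] for voter, entry in box.current.items()}

# Constructed sample data.
OLD = ("voter1", 100, "2517364")  # first ballot, also posted to a public list
NEW = ("voter1", 200, "1234567")  # the voter's later change of mind

CASE_RECEIVED = [OLD, NEW, OLD]    # OLD was counted once, then comes back again
CASE_NEVER_RECEIVED = [NEW, OLD]   # OLD never reached the box before NEW did

if __name__ == "__main__":
    for order_check in (False, True):
        for case in (CASE_RECEIVED, CASE_NEVER_RECEIVED):
            print(order_check, run(BallotBox(order_check), case))
```

With the duplicate cache alone, the second case ends with the old ballot on file, because the cache has never seen it; the signing-order check is what rejects it.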
Re: Vote for the Debian Project Leader Election 2005
Antti-Juhani Kaijanaho wrote:
> On 20050325T002711+0100, Jeroen van Wolffelaar wrote:
> > Eh, the buyer can demand proof, the same proof a voter has to verify his vote is tallied: ask the secret token.
>
> Ouch. Nasty. Bad.
>
> (This is one of the reasons why real elections have partisan observers present in vote counting: you cannot give the voter proof of his vote being counted, so you need another way to ensure public trust in the process.)

Yup; but conversely, we can't really manage that in Debian -- we'd have to have partisan observers monitoring the adminning of vote.debian.org's mail handling for three weeks, while at the same time not letting them see the non-anonymized votes.

> Sure, and that is a good argument for this kind of secrecy.

AFAICS, you can only choose one of directly check the vote counters are doing the right thing with your vote and be unable to sell your vote. There're too many weird possibilities (especially when you add timing into it) for me to prove that though :)

For those playing along at home, the 1999 election was an example of the latter priority; the 2001 election was an (accidental) example of an entirely non-secret leadership ballot.

Cheers,
aj
Re: Vote for the Debian Project Leader Election 2005
MJ Ray [EMAIL PROTECTED] writes:
> [EMAIL PROTECTED] (David N. Welton) wrote:
> > Just to be clear, nothing against Anthony Towns. I think he'd do alright as DPL.
>
> Sounds like you've asked a few people and are now hedging your bets!

Nope, my comments had nothing to do with him. I'd like to make that very clear.

--
David N. Welton - http://www.dedasys.com/davidw/
Apache, Linux, Tcl Consulting - http://www.dedasys.com/