[openskills-dev] Another constitution question

Patrick Lesslie patricklesslie at iinet.net.au
Thu Oct 28 04:13:02 BST 2004


On Wed, Oct 27, 2004 at 12:50:05AM +1000, Daniel Noll wrote:
> On Tue, 26 Oct 2004 21:58, Patrick Lesslie wrote:
> > On Tue, Oct 26, 2004 at 07:20:06PM +1000, Daniel Noll wrote:
> > > The email version... might just be procmail and a Perl script... pipe
> > > through gpg to verify the signature, then grep for the magic formatting.
> >
> > I think that would be a neat system.
> >
> > Also I was forgetting the secret part of "secret ballot", and of course
> > with lots of votes electronic counting is even more important.
> >
> > I think the toughest thing would be to guarantee the secrecy of the
> > ballot.  Maybe the headers and signature could be stripped once the ID
> > had been verified and crossed off.
> 
> If you need strip off the headers, you have to wonder what is left.  The 
> remaining document is not only identical to the original (and thus would 
> probably be misinterpreted in the same way when recounted by the same 
> program), but is also quite tamperable due to its new status as an unsigned 
> document.

Yes that's true.  I was thinking more of analysis by a person, or
something like that.  But you're right of course, without the signature,
it is tamperable.

> Maybe as a measure for tamper-proofing the system, the same ballot should be 
> run through multiple programs.  Say, 10 programs, written by 10 different 
> OpenSkills members in order to implement the same specification.  That should 
> throw away the need for any recounting, so that the system can just firmly 
> store the totals and the list of people who have voted. :-)

That seems good, except that it means that ten members have to be
trusted not to look at the votes.  (Hey, I think that's fine :-) )

It seems to me that no matter how it's done, the same basic problem
will arise:  How does one ensure that votes are both tamperproof and
anonymous?

I think the anonymity is the least important of the two objectives
(although it is important enough to be in the proposed constitution).
Both can be reasonably implemented, but in the end the only sure way
to make sure every vote is counted and counted correctly, and that there
are no spurious extra votes, is for the votes have to be available
complete with signatures, to be checked by a trusted third party.

Patrick Lesslie
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.openskills.org/pipermail/openskills-dev/attachments/20041028/e8f7148c/attachment.pgp


More information about the OpenSkills-dev mailing list