[5732] in cryptography@c2.net mail archive
snake-oil voting?
daemon@ATHENA.MIT.EDU (Ed Gerck)
Thu Sep 23 08:28:10 1999
Message-ID: <37E9B886.F74AB615@nma.com>
Date: Wed, 22 Sep 1999 22:20:06 -0700
From: Ed Gerck <egerck@nma.com>
MIME-Version: 1.0
To: cryptography@c2.net
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
List:
Did any of you see this
http://www.votehere.net/content/Products.asp#InternetVotingSystems
that proposes to authenticate the voter by asking for his/her/its SSN#? And, by the
contents of ... an email msg sent to him/her/it?
Besides confusing authentication with identification, VoteHere also confuses the
problem of non-repudiation (that the PKIX WG is struggling with for some years),
as they declare to have solved it as well:
"...also prevents voters from later denying that they cast a ballot."
And, as customary in these cases, by declaring to use very strong keys:
"Every voted ballot is encrypted using 1024-bit public-key encryption."
that, presumedly to them and to the public, must be self-secure. But, the "best claim" is
right at the begining, when they postulate the VoteHere system as commented above
is a "universally verifiable election system" with their own following definition:
4. Universally Verifiable Elections - secure, efficient, and maintains the voter's
privacy. Furthermore, anyone can verify that the election was conducted fairly,
without compromising voters' privacy.
Comments?
Cheers,
Ed Gerck
