Fwd: Crypto question: Hashing ultimate output for local use

From: David Mertz <voting-project_at_gnosis_dot_cx>
Date: Mon May 02 2005 - 15:47:19 CDT

> That's good and it's clear. However, what if the local
> vendor/customizer decides to add some malware to one or both of the
> two new files?

The files added are human-readable XML. The added files ARE NOT (and
cannot be) executable in any way. The thousand concerned per-county
downloaders/citizens should examine those files as part of building
their testing of the combined ISO. Being XML, there's really nowhere
for anything malicious to hide--and NO REQUIREMENT to trust anyone.

I think, Ed, you keep wanting to make this seem like something much
more complex than it is. The hashing procedure is, instead, enormously
simple and entirely transparent. It's something I can easily explain
to any intelligent 12 y.o.

For example, in the article I wrote about the XML format used in the
OVC demo, I showed what might be a ballot definition format. See
http://www-128.ibm.com/developerworks/xml/library/x-matters36.html. Do
not get too hung up by the exact spelling of the tag names in the below
snippet; but the concepts in the eventual standardized format will be
similar. E.g.:

<ballot election_date="2008-11-04" country="US" state="CA"
         county="Santa Clara County" precinct="2216">
   <contest ordered="No" coupled="Yes"
            allow_writein="Yes" name="Presidency">
     <selection party="Reform"
                name="President">Martin Luther King</selection>
     <selection party="Reform"
                name="Vice President">John Anderson</selection>
     <selection party="Workers"
                name="President">Helen Keller</selection>
     <selection party="Workers"
                name="Vice President">Amelia Earhart</selection>
     <selection party="Socialist"
                name="President">V. I. Lenin</selection>
     <selection party="Socialist"
                name="Vice President">Karl Marx</selection>

The added files will look something like that. And there's REALLY
nowhere to hide anything nasty in there. Sure, a ballot definition
probably requires examination--a candidate name could be changed or the
like. But anything wrong is easily detectable.
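
The examination described in the message above can be mechanized. The following is an added example, not part of the original email or of any OVC code: a Python audit that hashes an added file and reports any markup outside an allowlist. The allowlist, the name audit_ballot_xml and the sample input are assumptions derived from the snippet above, not the standardized format.

```python
import hashlib
from xml.parsers import expat

# Allowlist inferred from the snippet in the message (an assumption; the
# standardized format may differ): element -> (required parent, attributes).
SCHEMA = {
    "ballot": (None, {"election_date", "country", "state", "county", "precinct"}),
    "contest": ("ballot", {"ordered", "coupled", "allow_writein", "name"}),
    "selection": ("contest", {"party", "name"}),
}
# Constructed sample: the message's snippet, shortened and closed.
SAMPLE = b"""<ballot election_date="2008-11-04" country="US" state="CA" county="Santa Clara County" precinct="2216">
  <contest ordered="No" coupled="Yes" allow_writein="Yes" name="Presidency">
    <selection party="Reform" name="President">Martin Luther King</selection>
  </contest>
</ballot>"""

class Rejected(Exception):
    """Raised inside a handler to stop parsing at a forbidden construct."""

def audit_ballot_xml(data: bytes):
    """Return (sha256_hex, findings); no findings means only allowlisted markup."""
    findings, stack = [], []
    def start(name, attrs):
        if name not in SCHEMA:
            findings.append(f"unexpected element <{name}>")
        else:
            parent, allowed = SCHEMA[name]
            if parent != (stack[-1] if stack else None):
                findings.append(f"<{name}> in unexpected position")
            for attr in sorted(set(attrs) - allowed):
                findings.append(f"unexpected attribute {attr!r} on <{name}>")
        stack.append(name)
    def text(chunk):
        # Character data is only expected as the content of <selection>.
        if chunk.strip() and stack[-1] != "selection":
            findings.append(f"text outside <selection>: {chunk.strip()!r}")
    def doctype(*_):
        raise Rejected("DOCTYPE declaration present (DTD/entities not allowed)")
    p = expat.ParserCreate()
    p.StartElementHandler, p.EndElementHandler = start, lambda name: stack.pop()
    p.CharacterDataHandler, p.StartDoctypeDeclHandler = text, doctype
    p.CommentHandler = lambda data: findings.append("comment present")
    p.ProcessingInstructionHandler = lambda t, d: findings.append(f"processing instruction <?{t}?>")
    try:
        p.Parse(data, True)
    except (Rejected, expat.ExpatError) as exc:
        findings.append(str(exc))
    return hashlib.sha256(data).hexdigest(), findings
```

A DOCTYPE stops the parse immediately, so entity declarations are never expanded; comments and processing instructions are reported while parsing continues.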

