Re: Crypto question: Hashing ultimate outputfor localuse

From: Ron Crane <voting_at_lastland_dot_net>
Date: Mon May 02 2005 - 17:30:46 CDT

This is a *very* important part of our mission. We must not assume that
poll workers are tech-savvy. Our procedures will have to be very
carefully and clearly written, and will have to be focus-group tested
(and refined and tested again) before being finalized.

-R

On May 2, 2005, at 1:35 PM, Ed Kennedy wrote:

> Hello Keith:
>  
> Respectfully, have you been a poll worker?  Poll workers are generally
> elderly and retired folks.  I've done a poll working gig and I have to
> back up Teresa here on the general ability level.  Please give poll
> work a try yourself before assuming poll workers can do various
> things. 
> --
>  
> Thanks, Edmund R. Kennedy
>  
> Always work for the common good.
>  
> 10777 Bendigo Cove
> San Diego, CA 92126-2510
> USA
>  
> I blog now and then at: <http://ekennedyx.blogspot.com/>
> ----- Original Message -----
> From: Teresa Hommel
> To: K@copetech.com ; Open Voting Consortium discussion list
> Sent: Monday, May 02, 2005 4:32 AM
> Subject: Re: [OVC-discuss] Crypto question: Hashing ultimate outputfor
> localuse
>
> You have poll workers who can't find the on-off button on the
> computer, etc. How are they going to accomplish this task with hashes?
> Teresa Hommel
>
> Keith Copenhagen wrote:
>
> Hashing by itself is not a panacea,
>
> You start with a public ovc generated set of hashes that verify the 
> starting point.
> For each election then the people running the election generate the 
> original public
> private key pair (PK) and create a CD that contains a signed set.
>
> Then you build a web of trust (pyramid of delegation) based on PK
> the  propogates
> out to the polling station, and then back to the tabulated record.
>
> Correlating and verifying the integrity of the log(s), then allows
> you to  certify
> the election.  If you have parallel signed logs (ie. 1 in the
> tabulator,  and 1 in
> the operator's flash key) then it becomes virtually impossible to 
> successfuly tamper
> with the data.
>
> If you simply verify the hash at the polling place, then you run the
> risk  of an official
> duplicating the CD and running a parallel election and submitting
> that CD.
>
> -Keith
>
>
> On Sun, 1 May 2005 21:23:14 -0700, Ed Kennedy <ekennedyx@yahoo.com>
> wrote:
>
>
> Hello David:
>
> All very well and good.  However, who would generate the Election
> Day  startup hash of the whole disk if it must be customized for
> every  election at every location?  This introduces the need for
> another  'trusted' (read NOT) person in the administrative process and
> therefore  another weak point. I think that you (all) are going to
> have to go with  modules.
>
> Also, I think we're going to need some administrative process
> whereby  either all the poll workers or at least the poll captain
> signs off that  the hash they see is the one that was in the news
> paper.
>
>
>
>
>
>
> _______________________________________________
> OVC discuss mailing lists
> Send requests to subscribe or unsubscribe to
> arthur@openvotingconsortium.org
> _______________________________________________
> OVC discuss mailing lists
> Send requests to subscribe or unsubscribe to
> arthur@openvotingconsortium.org

_______________________________________________
OVC discuss mailing lists
Send requests to subscribe or unsubscribe to arthur@openvotingconsortium.org
==================================================================
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
==================================================================
Received on Tue May 31 23:17:12 2005

This archive was generated by hypermail 2.1.8 : Tue May 31 2005 - 23:17:52 CDT