Don't feed the trolls

From: David Mertz <voting-project_at_gnosis_dot_cx>
Date: Tue May 03 2005 - 12:08:47 CDT

On May 3, 2005, at 11:30 AM, JamBoi wrote:
...[Mallory intercepts and modifies voting messages]...

Yep, that's a threat that people a whole lot smarter than Drew Johnson
(JamBoi) have analyzed. I'm one of those smarter people, but people
much smarter than me have thought about it too. It's been discussed at
great length on the OVC-DEV list, about a year and half back.

None of it has anything to do with XML. It was very well analyzed (in
much more precise form), in Scheier's excellent _Applied Cryptograph_
(that people have mentioned), years before XML existed.

Some of those people whose intelligence and knowledge is elephantine
compared to Johnson's myrmicine dimensions have proposed the XML
signature standard. I am not per se advocating these particular
cryptology techniques, but the range of concerns are long familiar
among XML developers:

   http://www.w3.org/TR/xmldsig-core/

> unique data format and transport protocol "OVCML"
> I mentally add months onto the R&D time

For actual attackers, the addition is *minutes*, not months, of course.

-----
If I seem shortsighted to you, it is only because I have stood on the
backs of midgets.

_______________________________________________
OVC discuss mailing lists
Send requests to subscribe or unsubscribe to arthur@openvotingconsortium.org
==================================================================
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
==================================================================
Received on Tue May 31 23:17:14 2005

This archive was generated by hypermail 2.1.8 : Tue May 31 2005 - 23:17:52 CDT