Re: Security markings on the ballot

From: David Mertz <voting-project_at_gnosis_dot_cx>
Date: Thu Oct 23 2003 - 14:28:50 CDT

I've thought a bit more about the security marking since last night. I
still think the image (even if we play with placement) is a poor
security measure.

I wouldn't mind using an image to make the ballots "feel" more official
than a plain paper would; but I don't want to sell this as a security
feature... we might be able to convince some non-tech-savvy elections
officials that it had to do with security--but as soon as someone who
actually understands cryptography and security comes along, we would have
egg on our face.

What I WOULD like to do is use a placeholder for the actual
cryptographic signature during the demo. That is, I proposed what I
think is the right protocol--but Doug had some doubts, and I am quite
happy with bracketing that discussion until after the demo. But for the
demo, we could still mark the place where the crypto WOULD go in the
production system. I.e. some quick ASCII art:

    +----------------------------------------+
    | 4216                              4216 |
    |                                        |
    |            OFFICIAL BALLOT             |
    |            GENERAL ELECTION            |
    |            SANTA CLARA ...             |
    |                                        |
    |                                        |
    |                                        |
    |  President -------> Rachel Carlson     |
    |                                        |
    |--             ...etc...              --|
    |--                                    --|
    |--                                    --|
    |--                                    --|
    |--                                    --|
    |--                                    --|
    |--                                    --|
    |--                                    --|
    |--                                    --|
    |--                                    --|
    |--                                    --|
    |                                        |
    |                                        |
    |                                        |
    |                                        |
    |      Authentication Code: 123456       |
    |                                        |
    | 4216                              4216 |
    +----------------------------------------+

That is, we could actually use the fixed code '123456' for the demo,
just to show where such a thing might go, and how it might look. Anyone
who wants more info can talk to me or Doug (or to someone) about
cryptographic hash functions, encryption algorithms, key disclosure
schedules, and so on. And I can update the Architecture to contain a
(speculative) discussion of how we might eventually handle such things.

Yours, David...
==================================================================
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
==================================================================
Received on Fri Oct 31 23:17:03 2003