Nigel Jones wrote: >> We probably would want to tie to the existing auth system. Currently we >> allow people to join groups while elections are in progress and they get >> to vote in those elections. Keeping track of group joining while an >> election is in progress and sending out new one-time passwords wouldn't >> be the best in this situation. Also, I'm pretty sure that some of our >> users won't like the fact that the passwords travel via email. (We could >> encrypt with GPG if we have a key on file or something but that's extra >> work that when we'd be happier to put the extra work into getting our >> authentication working with the app). > We do have some weird requirements at times for allowing people to vote, > at least with doing everything ourselves we can check on the spot > in-app. It may well be that your specific requirements make Helios a poor choice. If you need to modify the list of voters while an election is in progress, that's probably an incompatibility that won't go away: Helios is meant for secure elections, and modifying the voter list after some people have already cast a vote is an inherent weakness. A weakness which Fedora may be completely willing to accept of course, but that makes Fedora a very special case, so this likely won't be built into Helios. > Why change to something else when what we use now is proven to work? I'm pretty sure that your system, like almost every other election system is only proven to work insofar as you haven't noticed any errors... but then again how would one notice an error in a system where voters send in a vote to a black box, and out comes a tally? Even if the code is free/open-source, voters can't be sure *which* code was actually used to compute the tally. So the chance that you'd detect an error in tallying is actually fairly small. That's what Helios is meant to address, and in that respect, I can't stress enough how it is radically different than most code you see. It provides a cryptographic proof of every election result, so an observer can run *his* code on the public election data to verify that all captured votes, identified by hash at casting time, were correctly tallied. All without violating voter secrecy. If this sounds intriguing and you want to learn more, and if you have 60-90 free minutes (Hah, I know, crazy, but you never know), here's a presentation I gave at Google on this topic in general: http://youtube.com/watch?v=ZDnShu5V99s What this kind of technology means is that you can safely outsource your election to a third party, and you know the election ran well because the third party provides a proof of the election. As Fedora is not in the business of elections, I would recommend considering this as an option. But again, if your voting requirements must remain as unique as described by Toshio, then maybe Helios isn't the right solution. Regardless, I really appreciate everyone's time considering Helios. I'm happy to answer any additional questions, of course, and I appreciate all of the feedback! -Ben _______________________________________________ fedora-advisory-board mailing list fedora-advisory-board@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-advisory-board
