List:
Did any of you see this
http://www.votehere.net/content/Products.asp#InternetVotingSystems
that proposes to authenticate the voter by asking for his/her/its SSN#? And, by the
contents of ... an email msg sent to him/her/it?
Besides confusing authentication with identification, VoteHere also confuses the
problem of non-repudiation (that the PKIX WG is struggling with for some years),
as they declare to have solved it as well:
"...also prevents voters from later denying that they cast a ballot."
And, as customary in these cases, by declaring to use very strong keys:
"Every voted ballot is encrypted using 1024-bit public-key encryption."
that, presumedly to them and to the public, must be self-secure. But, the "best claim"
is
right at the begining, when they postulate the VoteHere system as commented above
is a "universally verifiable election system" with their own following definition:
4. Universally Verifiable Elections - secure, efficient, and maintains the voter's
privacy. Furthermore, anyone can verify that the election was conducted fairly,
without compromising voters' privacy.
Comments?
Cheers,
Ed Gerck
