On Sun, 1 Apr 2007 18:11:38 +0200, Michal Čihař <[EMAIL PROTECTED]> said:
> Hello On Fri, 30 Mar 2007 11:02:49 -0500
> Manoj Srivastava <[EMAIL PROTECTED]> wrote:
>> It turns out that it was indeed encrypted, but the message was not
>> signed; which means there is no information about who is sending
>> the ballot. This is a legitimate addition to the ballot; I'll point
>> it out in the next CFV.
> It of course was signed,
No, it was not. The body of the encrypted but not signed email
contained a signed vote, but the email itself was not signed.
> I simply don't know what went wrong, but it seems that something
> fooled script which is handling votes (signature won't verify,
> because I deleted the votes):
I do know what went wrong.
This is the most creative and weird action I have seen in the
last few elections.
You send an encrypted mail, which was not itself signed. This
caused the vote to be rejected. Now, the body of the mail, once you
decrypted it, did contain a signed vote -- but this is too late,
since the outer mail was not signed, nothing processed the decrypted
body.
And no, you do not need to send in inline PGP when encrypting
ballots; you can send a signed *AND* encrypted RFC 3156 mail
message.
manoj
--
Successful and fortunate crime is called virtue. Seneca
Manoj Srivastava <[EMAIL PROTECTED]> <http://www.debian.org/~srivasta/>
1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C
