* Wesley J Landaker [Thu, 24 Mar 2005 20:23:34 -0700]: > On Thursday, 24 March 2005 20:15, Matthew Palmer wrote:
> > Since the voter gets a return e-mail, they'd likely know about it, > > but if the attacker was clever and threw your ballot in right before > > the deadline, you wouldn't have enough time to correct it, and would > > need to bother Manoj to get it sorted out. > Yeah, it seems this would be possible in the current system. One way to > work around this would be to reject vote e-mails that are identical to > ones seen before (say, save a md5sum of the signed portion of the > e-mail, *including* the GPG signature block). I've been told on IRC that devotee currently has such a replay-guard mechanism. Perhaps Manoj can confirm, and comment a bit about the implemented safeguards? (Or point to the relevant explanation pages, of course.) -- Adeodato Simó EM: asp16 [ykwim] alu.ua.es | PK: DA6AE621 Algebraic symbols are used when you do not know what you are talking about. -- Philippe Schnoebelen -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]