voter registration services that transfer the voter data to the state
but keep copies, which copies they are legally allowed to share with their
'affiliates' (read: anyone that signs a contract with them).
Cheers,
Ed Gerck
William Allen Simpson wrote:
> -BEGIN PGP SIGNED MESSAGE-
>
> I'm sorry for the second message, but I could not let the egregious
> error pass uncorrected:
:-) egregious ...
> Ed Gerck wrote:
> > The law does not allow it, and for good reasons as you mentio
David Honig wrote:
> >First of all, that's not "privacy", that's "anonymity".
> >
> >We have voter registration precisely so that we know who the voters
> >are! We are not changing voter registration
> >
> > Ed Gerck wrot
William Allen Simpson wrote:
> And in the same vein, I forwarded Ed Gerck's list of published
> 'requirements' to Lynn. She intends to use them as a perfect example
> of what we DO NOT want!
see below, before you set yourself to re-invent the wheel.
> Ed
ornia
Legislative Hearing on Elections this Jan/16-17.
4. My testimony to the California Legislative Hearing on Elections, available in a
verbatiom copy from the tapes, at
http://www.mail-archive.com/tech@ivta.org/msg00104.html
Cheers,
Ed Gerck
sponsoring the Election Technology
Expo. The Expo will be at the Hyatt Regency in Sacramento, January 16,
from 9:00 to 3:00. It opens at 8:00 for registration. There will be also
a series of panels in the morning.
For information, contact
Bruce McDannold <[EMAIL PROTECTED]>
Cheers,
Ed Gerck
to "give everyone
a record of their vote, so they know exactly what they have done at the
polls" as Baltimore's words did, and that is why you will like the system
I produce, is snake oil of good quality IMO.
I know you are at MIT, but please do not feel offended -- just help
co
lproof, secure, simple to operate and affordable".
Cheers,
Ed Gerck
,
Ed Gerck
-repudiation as we feel the need
for it in protocols -- and note that we did not invent it, rather we discovered it.
Authentication is not sufficient to describe validity.
Cheers,
Ed Gerck
mething is false. Neither are absolute. And
they are quite different when non-boolean variables (ie, real-world variables)
are used. They are complementary concepts and *both* need to be used or
we lose expressive power in protocols, contracts, etc..
Cheers,
Ed Gerck
>
>
> To trans
ty are defined by the number of
bits in a key. Requiring Rijndael to have the same level of security as any other
cipher
for 256 bit keys seems to me like comparing 256 apples with 256 oranges.
Cheers,
Ed Gerck
ign, and Verisign trusts someone else, you automatically
> trust that other party.
Depends on the browser. This is not a requirement or feature of X.509,
though often so confused. For an example where it is not, see Apache.
Cheers,
Ed Gerck
Ed Gerck wrote:
> Even though the web-of-trust seems to be a pretty good part of PGP,
> IMO it is actually it's Achilles heel.
I agree with most comments but they seem to deal more with symptons. Let
me just clarify/justify the above and why I think this is IMO actually the ro
three parallel reporting channels to survey their provinces with some degree
of reliability, notwithstanding the additional efforts.
Cheers,
Ed Gerck
David Honig wrote:
> At 04:45 PM 8/30/00 -0700, Ed Gerck wrote:
> >about whether they work. So, understanding the mathematical
> >properties of trust (trust not as an emotion but as something
> >essentially communicable), how can trust can provide an answer
>
o be
a pretty good part of PGP, IMO it is actually it's Achilles heel.
BTW, many lawyers like to use PGP and it is a good usage niche. Here, in the
North Bay Area of SF, PGP is not uncommon in such small-group business users.
Cheers,
Ed Gerck
ology Alliance) at ivta.org will
surely deal with these principles more and more.
Please see my comments from the viewpoint of understanding what
needs to be done in terms of raising awareness about the
difficulties -- kudos for Bruce! However, denying a solution
is IMO not intellectually fair and not according to what we
already have learned.
Cheers,
Ed Gerck
ture there.
Cheers,
Ed Gerck
this gap -- perhaps with your help as well.
Cheers,
Ed Gerck
[1] Safevote (www.safevote.com) is a founding member of the Internet
Voting Technology Alliance (www.ivta.org) and develops OEM (Original
Equipment Manufacturer) systems for Internet voting, polling, public
elections, bidding, cons
://www.ivta.org
Cheers,
Ed Gerck
ely
defined as a key
which has always one bit more than the highest bit of any key in existence, even of
itself. Without
any regard, of course, to the protocol it uses.
Cheers,
Ed Gerck
Ted Lemon wrote:
> Ed Gerck wrote [reinserted for context]:
>
> >In fact, if there would be a pre-defined reward for those that find holes
> >in today's increasing electronic and "secure" systems then companies
> >could rely in that reward both
ct and is probably too short to
satisfy all the legals ins and outs, but the idea is to use the reward
mechanism in a positive way to counter what I may call a "tendency"
and its potential bad effects, while preserving the good ones -- especially
to enhance security in a quasi-public review process.
Comments?
Ed Gerck
art card' programmer
But, maybe, not quite 'smart' today ;-)
Cheers,
Ed Gerck
denying the cause. Can we devise such
solutions?
Cheers,
Ed Gerck
proponents actually
mired in the muck when they saw that it would apply also to them ;-)
Cheers,
Ed Gerck
Anonymous wrote:
> On Sat, 09 Oct 1999 20:35:15 -0700, Ed Gerck <[EMAIL PROTECTED]> wrote:
>
> > In reference to the recent discussions on voting, I am
> > preparing a list of desirable properties of voting, as a
> > secure protocol. Of course, it may not be desi
a voter can only check if his own vote if counted
correctly. If
it is verifiable whether all votes are counted correctly, then the verifiability is
universally.
8. Receiptfreeness: A voter can't prove to a coercer, how he has voted. As a result,
verifiable vote buying is impossible.
Cheers,
Ed Gerck
xample in a more direct form
in the UNIX crypt salt method -- which also reduces the efficiency of dictionary
attacks.
Cheers,
Ed Gerck
ryone
would be 100% honest and if everyone would tell all the others what
it verified, then it would work ;-) but, then, no protocol is necessary
or even possible for the sheer size of msgs involved.
Cheers,
Ed Gerck
Anonymous wrote:
> Ed Gerck wrote:
> >Did any of you see this
> >http://www.votehere.net/content/Products.asp#InternetVotingSystems
> >
> >that proposes to authenticate the voter by asking for his/her/its SSN#?
>
> It looked like the idea for this part was to p
ble election system" with their own following definition:
4. Universally Verifiable Elections - secure, efficient, and maintains the voter's
privacy. Furthermore, anyone can verify that the election was conducted fairly,
without compromising voters' privacy.
Comments?
Cheers,
Ed Gerck
Taylor:
Please check http://www.mcg.org.br/faust.htm and
http://www.mcg.org.br/nrfc3.htm (this one to be updated on Monday, April 5th)
Cheers,
Ed Gerck
M Taylor wrote:
> I am looking for letters, essays, op-ed, or other writings which explain
> why privacy is important on the Internet
) There is also a serious question of how one would distribute
an updated top level CA certificate, when the expired certificate is
"hardwired" in the software. Unless there is a second trusted CA who
can sign the distribution, the new certificate cannot be cer
when
seen in conjunction with other requirements (e.g., the
FECs Voting System Standards) and what is provided
by current cryptographic protocols.
Comments are welcome.
Cheers,
Ed Gerck
rewell to security systems which do not take into account the
message's statistics and perfunctorily pad bits -- which is a funny
flaw, since the attackers of such systems always tend to do
otherwise.
Comments?
Cheers,
Ed Gerck
of secondary roots and opening up
the DNS name space away from the center and into the Net's edges:
each one of us.
Cheers,
Ed Gerck
__
Dr.rer.nat. E. Gerck [EMAIL PROTECTED]
http://novaware.cps.softex.br
) data base on the Internet
>Server.
Of course, since they must all pass through the server.
>If the internal network itself cannot be compromised,
>neither is there any danger in having data sent out by our own
>program.
>
"If" is
t stock-exchange crisis.
However, IMO the presentation is correct when it considers that
"trust management" cannot work and focuses on "risk management" as a
useful concept.
This is however undermined by the absence of a w
40 matches
Mail list logo