[Foundation] Electronic voting and identity verification

Casey Crabb debug at nafai.dyndns.org
Fri Oct 11 16:03:52 CDT 2002


With the recent passing of an ammendment to allow for electronic voting 
such that the secretary can verify one's identity, I propose that we use 
PGP/GPG keys and signatures for verification. It solves the problem of 
identity and has stood the test of time. We have protocol support for 
point-to-point encryption, so jabber is able to speak in signed and 
encrypted messages so long as the clients support that part of the protocol.

For this to work, each jsf member would need to provide a public key to 
the secretary, who will put it in a keyserver that the jsf runs. This 
keyserver should have public access to request keys, but not to submit them.

Then a jabber/email-bot could be created that speaks point-to-point 
encryption over both jabber and email. This bot would have a key of its 
own that can be used to encrypt message to it. This bot could then be 
responsible for running votes. The bot should keep full logs of messages 
and emails so that votes can be independantly tallied.

I think these are the goals that need to be accomplished:
1) Write down why we think we need gpg/pgp keys for jsf members
2) send that out for discussion
3) Collect keys from jsf members and put them in our keyserver
4) develop replacement for memberbot that understands gpg encrypted 
jabber messages AND can deal with a mail spool so people can email in 
votes as well..
5) test system with a dummy vote

There are probably others, and those may be out of order, but I think 
those are necessary.

I hope to have stared #1, and #2 with this email.

Thoughts/flames?

--
Casey




More information about the Members mailing list