[Fwd: Re: [E-voting] About Estonian e-voting]
colm at stdlib.net
Mon Oct 24 12:15:59 IST 2005
On Mon, Oct 24, 2005 at 09:10:35PM +1000, Craig Burton wrote:
> Agree. We have to trust someone somewhere. Even in a paper election no
> one observer can be everywhere at once.
A lot of those observers are in competition, and very keen to see that
the other side does not cheat. Cheating is vastly more manifest and
detectable on paper.
> We have to trust other people didn't see something bad. For the
> software, the best way to do this is to give out the source codes
> (signed by us) to several groups for inspection. If no people
> complain, one group compiles the code on a known clean compiler and
> they and others then sign the compiled object. I concede that,
> unlike making ballot box seals, someone who wants to watch software
> signing will actually see very little but we should rely on several
> groups' satisfaction with the code.
This is a pointless waste of time. The malicious code could be in
the compiler, or in a library used, even the basic system libraries.
It could be in the kernel, and it could even be in the hardware. You
need to read;
for just one example of how this works.
Colm MacCárthaigh Public Key: colm+pgp at stdlib.net
More information about the E-voting