From: Sandy Harris
Subject: Re: [ALSC-Forum] Re: Direct vs. Indirect elections
Date: Thu, 18 Oct 2001 10:31:56 -0700

Bruce Young wrote:

> >Will it scale to the millions of potential voters, many just end users
> >with limited access to limited machines, and many not speaking English?
> 
> So we engineer a client browser plug-in that prompts for language.  I
> imagine if ICANN asked the public, no small number of developers would be
> willing to donate time to engineer this for us.

Perhaps, but it is not an easy problem, given the variety of languages,
and browsers, out there. Also, I don't think it is at all clear either
that many developers would want to donate time for this or that we should
be asking them to, rather than paying them for any work we want done.

On the other hand, many browsers already have multi-language support
and forms support and SSL/TLS encryption/authentication security.
It is not clear we need a plugin, perhaps just a carefully designed
set of web pages and some translation work.

> >Give me administrator privileges (authorised or stolen) on almost any
> >multiuser system (certainly a standard Unix or Linux box or an NT
> >network; I'm not sure about a highly secure system like Multics) and I
> >can easily subvert any PGP software used there.
> 
> Maybe.  But if you need a unique PIN to do anything inside the encryption,
> that should do the trick, don't you think?

No. That works fine if the PIN is long enough /and/ you can trust the
computer you give it to.  

However, if I have admin privileges on the computer you use, I can
easily bypass any cryptographic system you use.

I read the encrypted stored form of your PGP private key off the disk and
install software to log your keystrokes. That gives me any data you enter
-- the passphrase PGP uses to protect the private key, any PIN used, ... 
 
> It's nice to see this forum actually working out the techie-side "nuts and
> bolts" of Internet elections.  Let's just not get lost in the details and
> lose sight of the fact that all this is moot unless we prevent them from
> handing the At-Large over to domain name holders.
> 
> Bruce Young
> Integration Engineer, Client Engineering
> Lockheed Martin Global Telecommunications
> Phone: 503.466.6571
> Fax: 503.466.6775
> E-mail:  Bruce.Young@nwdc.ibs-lmco.com

