Re: [ALSC-Forum] Re: Direct vs. Indirect elections

[L Gallegos]

This discussion completely ignores those who have email access 
only, wihch is a sufficiently large number of people from many 
countries, that it must be addressed.

Leah

On 18 Oct 2001, at 13:10, Sandy Harris wrote:

> 
> Bruce Young wrote:
> 
> > >Will it scale to the millions of potential voters, many just end
> > >users with limited access to limited machines, and many not
> > >speaking English?
> > 
> > So we engineer a client browser plug-in that prompts for language. 
> > I imagine if ICANN asked the public, no small number of developers
> > would be willing to donate time to engineer this for us.
> 
> Perhaps, but it is not an easy problem, given the variety of
> languages, and browsers, out there. Also, I don't think it is at all
> clear either that many developers would want to donate time for this
> or that we should be asking them to, rather than paying them for any
> work we want done.
> 
> On the other hand, many browsers already have multi-language support
> and forms support and SSL/TLS enecryption/authentication security. It
> is not clear we need a plugin, perhaps just a carefully designed set
> of web pages and some translation work.
> 
> > >Give me administrator privilieges (authorised or stolen) on almost
> > >any multiuser system (certainly a standard Unix or Linux box or an
> > >NT network; I'm not sure about a highly secure system like Multics)
> > >and I can easily subvert any PGP software used there.
> > 
> > Maybe.  But if you need a unique PIN to do anything inside the
> > encryption, that should do the trick, don't you think?
> 
> No. That works fine if the PIN is long enough /and/ you can trust the
> computer you give it to.  
> 
> However, if I have have admin privileges on  the computer you use, I
> can easily bypass any cryptographic system you use.
> 
> I read the encrypted stored form of your PGP private key off the disk
> and install software to log your keystrokes. That gives me any data
> you enter -- the passphrase PGP uses to protect the private key, any
> PIN used, ... 
> 
> > It's nice to see this forum actually working out the techie-side
> > "nuts and bolts" of Internet elections.  Let's just not get lost in
> > the details and lose sight of the fact that all this is moot unless
> > we prevent them from hannding the At-Large over to domain name
> > holders.
> > 
> > Bruce Young
> > Integration Engineer, Client Engineering
> > Lockheed Martin Global Telecommunications
> > Phone: 503.466.6571
> > Fax: 503.466.6775
> > E-mail:  Bruce.Young@nwdc.ibs-lmco.com
>