20 messages in org.oasis-open.lists.election-servicesRE: Things to do - Requirement Docume...| From | Sent On | Attachments |
|---|---|---|
| Michael Zolotarev | Jun 14, 2001 10:26 pm | |
| Krishna Sankar | Jun 15, 2001 12:34 am | |
| Michael Zolotarev | Jun 17, 2001 7:13 pm | |
| Krishna Sankar | Jun 17, 2001 7:56 pm | |
| Michael Zolotarev | Jun 17, 2001 8:16 pm | |
| Michael Zolotarev | Jun 22, 2001 12:48 am | |
| Jason Kitcat | Jun 22, 2001 1:53 am | |
| Krishna Sankar | Jun 22, 2001 6:22 am | |
| Krishna Sankar | Jun 22, 2001 6:22 am | |
| Jason Kitcat | Jun 22, 2001 7:47 am | |
| Thom Wysong | Jun 22, 2001 10:28 pm | |
| Krishna Sankar | Jun 22, 2001 11:29 pm | |
| Michael Zolotarev | Jun 24, 2001 5:07 pm | |
| Krishna Sankar | Jun 24, 2001 5:20 pm | |
| Michael Zolotarev | Jun 24, 2001 5:23 pm | |
| Michael Zolotarev | Jun 24, 2001 5:34 pm | |
| Michael Zolotarev | Jun 24, 2001 5:43 pm | |
| Kevin Broadfoot | Jun 25, 2001 1:28 am | |
| Jason Kitcat | Jun 25, 2001 4:07 am | |
| Kevin Broadfoot | Jun 25, 2001 6:20 am |
| Subject: | RE: Things to do - Requirement Document. Security. | |
|---|---|---|
| From: | Krishna Sankar (ksan...@cisco.com) | |
| Date: | Jun 22, 2001 6:22:55 am | |
| List: | org.oasis-open.lists.election-services | |
Jason,
Good comments. Here are my observations.
1. We would add audit as another section. While we are on this subject, what other sections do you see for the req document ?
2. The partial encryption is to *selectively* expose information. For example for statistics purpose, one might have to look at the county information, but not the actual voting. So there could be two encryptions - one for county and one for actual vote. Again, the point is, we should not make it *impossible* to do partial encryption. For all we know, we might do full encryption.
cheers
|-----Original Message----- |From: Jason Kitcat [mailto:je...@free-project.org] |Sent: Friday, June 22, 2001 1:42 AM |To: elec...@lists.oasis-open.org |Subject: RE: Things to do - Requirement Document. Security. | | |Hi, | |>The attached is [a very rough cut of] the security requirements |for generic |>Vote and Ballot tokens. | |Thanks for getting the ball rolling ;-) | |>It doesn't mention the identification and audit - I don't consider them to |>really belong there, in the security section. | |I'd have to disagree. If you don't think about the security/privacy |implications of providing, for example, audit trails now then it may |prove difficult to retrofit them later. | |Also you say: | |>Note. It SHALL be possible to encrypt only certain components of the |>complete vote structure, rather >than encrypting the whole lot. | |And the same again with regards to ballots. I don't see what you're |trying to say/achieve by this because plainly the entire vote |structure could be encrypted with something like SSL or just a hand |rolled encryption solution. Please explain... | |regards, |Jason | |-- | The FREE e-democracy project |---------------------------------------- | http://www.free-project.org |---------------------------------------- | secure, private and reliable Free Software |