| 1 |
On Sat, Aug 28, 2021 at 6:30 AM Michał Górny <mgorny@g.o> wrote: |
| 2 |
> |
| 3 |
> 3. When the voting phase beings, the system creates random identifiers |
| 4 |
> for all voters. Each identifier is encrypted using voter's PGP key |
| 5 |
> and sent via email to the voter. The voter-identifier mapping is |
| 6 |
> discarded immediately to reduce the risk of it leaking. |
| 7 |
> |
| 8 |
|
| 9 |
What happens if an eligible voter reports they didn't get the email |
| 10 |
(most likely because email is horribly broken, but it could also be |
| 11 |
nefarious)? |
| 12 |
|
| 13 |
I suppose one solution would be to save the encrypted emails before |
| 14 |
they are sent. Then if one is missing it could be retrieved by an |
| 15 |
admin/etc and resent. Since the contents of the email are encrypted |
| 16 |
the only info divulged is that somebody was an eligible voter in the |
| 17 |
election, which is generally semi-public record around here. This |
| 18 |
avoids creating additional vote identifiers and eliminates any need to |
| 19 |
question the validity of the complaint. |
| 20 |
|
| 21 |
-- |
| 22 |
Rich |
Archives