1 |
On Sat, Aug 28, 2021 at 6:30 AM Michał Górny <mgorny@g.o> wrote: |
2 |
> |
3 |
> 3. When the voting phase beings, the system creates random identifiers |
4 |
> for all voters. Each identifier is encrypted using voter's PGP key |
5 |
> and sent via email to the voter. The voter-identifier mapping is |
6 |
> discarded immediately to reduce the risk of it leaking. |
7 |
> |
8 |
|
9 |
What happens if an eligible voter reports they didn't get the email |
10 |
(most likely because email is horribly broken, but it could also be |
11 |
nefarious)? |
12 |
|
13 |
I suppose one solution would be to save the encrypted emails before |
14 |
they are sent. Then if one is missing it could be retrieved by an |
15 |
admin/etc and resent. Since the contents of the email are encrypted |
16 |
the only info divulged is that somebody was an eligible voter in the |
17 |
election, which is generally semi-public record around here. This |
18 |
avoids creating additional vote identifiers and eliminates any need to |
19 |
question the validity of the complaint. |
20 |
|
21 |
-- |
22 |
Rich |