[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[discuss] Voting mechanism details

> From: Cthulhu's Little Helper [mailto:skritch@home.com]
> Sent: Monday, June 28, 1999 1:51 PM

> I see two major ways this can be done:
> 1)  The polling occurs via e-mail.
> 2)  The polling occurs via website.

> Comments?

 Your analysis is correct, but you left out that a web-site give
immediate response. As far as authentication goes, certs could be
issued, using OpenSSL (yeah, I know the server is in France.) and that
should provide sufficient auhtentication when used together with
mailid/passwd pairs. Joop has been working on this stuff and he has the
software. Personally, since we know the size of this group (from the
mailer list software) we can simply check votes against total count. If
it exceeds the size of this group then we have a cheater among us.

Yes, I can trivially create over 120,000 users over night, subscribe
them all to the list, and auto-vote them all in one evening. Web-site
method are more resistant to this attack. However, it is also trivial to
detect such a ploy and invalidate that vote. The other issue is why
anyone would want to do that.