IETF Logo Mail Archive

Voting Security (was: The Next Genaration)

Eric Rescorla <ekr@rtfm.com> Thu, 12 September 2019 15:56 UTC

Return-Path: <ekr@rtfm.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8066C12012A for <ietf@ietfa.amsl.com>; Thu, 12 Sep 2019 08:56:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.896
X-Spam-Level:
X-Spam-Status: No, score=-1.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WreI3Fqc8e6v for <ietf@ietfa.amsl.com>; Thu, 12 Sep 2019 08:56:46 -0700 (PDT)
Received: from mail-lf1-x12a.google.com (mail-lf1-x12a.google.com [IPv6:2a00:1450:4864:20::12a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E6137120122 for <ietf@ietf.org>; Thu, 12 Sep 2019 08:56:45 -0700 (PDT)
Received: by mail-lf1-x12a.google.com with SMTP id x80so19816056lff.3 for <ietf@ietf.org>; Thu, 12 Sep 2019 08:56:45 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=vA7yWA6Ytqsw/3ctWZrra5Ohsam6tmXwaa5RMoLYDuQ=; b=uZKFvBvkYMKe+18C3eujLFSt5fC2g4R0RMTRXLC2+4NR9G5ChTQc9a9pKVeYT39bY2 3SVq1lYhaZ8Z23F9KVFzPqk6YnQNOMyLZwyNTNnVvYxN9RYGR7mzQPDq43oZm123EwEi xDTQmaowpwIA5o1s69jW7OFXW0qPN/OxFkKga5mJPHtwuPYQroeQKMiHH3csrRICAgE/ ZEDv9To+5gO8MyDr3ZtQ/Vx4TOWxm6omVLvaYXk0aWNWQSS1AZ5khLG+qpWmlrC0KGWV BpaMXfmz0K73pEAflRf3WWDH9D8NlbIHxpctdHcPmJtPIv2SPSKA7B6Piw3j4aQSgUqT RgUQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=vA7yWA6Ytqsw/3ctWZrra5Ohsam6tmXwaa5RMoLYDuQ=; b=cbZAaN8AxYk+wuBiq8+jR5RPCnJhPqph/d+medhKgAZm1eP+7rM22cuFct38csLadv 7+tHm26B2t8P1zzIxzSXFwcoWtywRRymipiybj4pfvBZlqphMgY0L8jBtn8JwjH8rX33 8bMX+h6SupxKQBK/sPWGOTm8NDCC4jQqMKopNdsR7st+qUFrw02AfL2K0yjIScDsZsDK wGFVnz48oXfoM0ohVZNPvvzio2Qg0Amr4CJ/pB5CB7yEDd4MMeMA0Cs807XCpakrt4bl DlBSWreML5j6K4ZftzDeuFxk2I7VBqm2QxgnUfd13ZZIyvfbkPk4JZu/SB03s9pvxvMp R6FA==
X-Gm-Message-State: APjAAAVTJYdOgSway3G+RaI++NIaqfIlExHcC8emrOu9v69bEd5OwtL7 sOGgHxTtyBefikYWPXCC7ZaBLPkaPf7jlyaDD6ZVF6ISFuk=
X-Google-Smtp-Source: APXvYqztCMvYz3a/KPdx7GE7NoA+97uwbU9S2yy3hxro45mA8QBX+U5wjg5u3v3yb7E74Mgsq2mqYIpHj9ZJ4Z3X26I=
X-Received: by 2002:ac2:5a19:: with SMTP id q25mr5290239lfn.178.1568303804132; Thu, 12 Sep 2019 08:56:44 -0700 (PDT)
MIME-Version: 1.0
References: <CAChr6Sz3j0iLGsB2bGvfitPzCkiTCJYHfmUF5S-8zPYMt1r+3A@mail.gmail.com> <6.2.5.6.2.20190911094010.0c933fa8@elandnews.com> <20190911194723.GC18811@localhost> <6.2.5.6.2.20190911131143.11401cb8@elandnews.com> <CAMm+Lwi2CDBCDUhMG7Z487G-BYVp4rRJ=YG73Z=M=TkZ=jaAbQ@mail.gmail.com> <alpine.DEB.2.21.1909121135080.32554@sleekfreak.ath.cx>
In-Reply-To: <alpine.DEB.2.21.1909121135080.32554@sleekfreak.ath.cx>
From: Eric Rescorla <ekr@rtfm.com>
Date: Thu, 12 Sep 2019 08:56:07 -0700
Message-ID: <CABcZeBMp7dzvTGnPTk=q79pf5KYiMd0eepEXiyFw=imPNkSfBg@mail.gmail.com>
Subject: Voting Security (was: The Next Genaration)
To: shogunx@sleekfreak.ath.cx
Cc: IETF Discussion Mailing List <ietf@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000002544f105925d2f40"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/E_3jusE5fxMWsT-S7KLZyo0yrW4>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 12 Sep 2019 15:56:50 -0000

[Changing the subject line because this is a change of topic.]

On Thu, Sep 12, 2019 at 8:37 AM <shogunx@sleekfreak.ath.cx> wrote:

> IMHO, if the interest is in protecting the democratic process, the first
> place we should look is the digital voting infrastructure, as that is the
> vector most abused.  Knowing what I do about network and computer security
> in general, I have come to the conclusion that hand counted paper ballots
> with a strong chain of custody are the only way to ensure a free and fair
> election.
>

This is pretty off-topic for IETF, but might be interesting to people.

I certainly agree that software independence (
https://en.wikipedia.org/wiki/Software_independence) is a good objective
for voting systems, and hand-counted paper ballots are one good way to
achieve that. However, there are voting environments where they are
problematic. Specifically, because the time to hand-count ballots scales
with both the number of ballots and the number of contests, in places like
California where there a large number of contests per election it can be
difficult to do a complete hand-count in a reasonable period of time.

One good alternative is hand-marked optical scan ballots which are then
verified via a risk limiting audit (
https://en.wikipedia.org/wiki/Risk-limiting_audit). This can provide a much
more efficient count that still has software independence up to a given
risk level \alpha.

-Ekr



> Scott
>
> >
> >
> >
> >
>
>

v2.23.0 | Report a Bug | By Email