cookies and OnLine Voting

Ed Hartley roho2 at rcpattern.com
Thu Dec 23 19:52:33 AKST 2004


At the moment I type this there are 404 members on the discussion list. I 
don't know how many of these belong to NSRCA.

Ed Hartley
roho2 at rcpattern.com

----- Original Message ----- 
From: "Grow Pattern" <pattern4u at comcast.net>
To: <discussion at nsrca.org>
Sent: Thursday, December 23, 2004 11:41 PM
Subject: Re: cookies and OnLine Voting


> Steve,
> If the current member number is, say 600 plus, how many do you think are on
> the discussion list?  I heard about 200. If that is right then we need to
> design a system that reaches more than just this e-mail list.
>
> Just thinking out loud,
>
> Eric.
>
>
> ----- Original Message ----- 
> From: "RC Steve Sterling" <rcsteve at tcrcm.org>
> To: <discussion at nsrca.org>
> Sent: Thursday, December 23, 2004 10:32 PM
> Subject: RE: cookies and OnLine Voting
>
>
>> Thanks Bill-- you can probably tell I love this techy stuff-- Which has got
>> me thinking about the correct way to do an online voting system, should the
>> new officers and membership choose to consider it.
>>
>> To ensure acceptability, it would need to be a "double-blind" system.
>> Required protections would include:
>> -- Define criteria of "valid voting members", then system restricts voting
>> to only those meeting the criteria.
>> -- Authenticate the voter (ensure someone else doesn't vote in your name).
>> -- Ensure no multiple ballots.
>> -- Provide feedback to the voter so they know their vote got registered as
>> the intended, and provide a double-check just in case the system errors or
>> did let someone else vote in your spot.
>> -- Protect the secrecy of an individual's vote. (Use double-blind databases)
>> -- Auditable results.
>> -- Mail-in ballots for those that don't have online access or don't want to
>> use online ballots.
>>
>> I'm not sure "double-blind" system is exactly the correct label for it, but
>> I'll try to illustrate. Think of a paper ballot with individual serial
>> numbers, the serial number is listed on the main ballot, plus on a tear-off
>> strip. When someone votes and puts their ballot in the box, they tear off the
>> strip with their ballot serial number on it. When tallying the votes, a list
>> is made of the ballot serial numbers and how it was voted. An individual
>> voter can look at the results list, and using the ballot serial number,
>> check and see that his/her vote was counted, and counted correctly. But no
>> one can tell how any individual voted except the individual voter that holds
>> that ballot number.
>>
>> We could build it, test it over the next year on some surveys, work out any
>> bugs and build user confidence, before doing anything as critical as an
>> election.
>>
>> Steve Sterling
>> Web Team Member
>>
>> -----Original Message-----
>> From: discussion-request at nsrca.org
>> [mailto:discussion-request at nsrca.org]On Behalf Of Bill Glaze
>> Sent: Wednesday, December 22, 2004 7:13 AM
>> To: discussion at nsrca.org
>> Subject: Re: Off Topic
>>
>>
>> Steve:
>> Thanks so much to you and Marty for your education about cookies.  Not
>> only have you completely explained my "need to  Know" (read: curiosity)
>> but you folks have taught me something also.  (Not an easy thing to do,
>> BTW! ;-)   Is this list great, or what?  Bill Glaze
>>
>> RC Steve Sterling wrote:
>>
>>>Hi-- without disclosing too much of the site's security that would give a
>>>hacker an edge to break in--
>>>
>>>On login when you travel into the member's only section (retrieve latest
>>>K-Factor, membership management etc), a non-persistent cookie is set as a
>>>token so you don't have to login to each separate page you may browse.
>>>
>>>Other non-persistent cookies are used to pass values from one page to
>>>another in the membership administration sections (mainly Maureen's domain).
>>>
>>>Note they are non-persistent cookies.  They are never written to the user's
>>>hard-disk, unlike "normal" cookies. They only exist as a volatile variable
>>>in that browser session. Closing the browser destroys them. You will also
>>>see a "logout" on some of those members pages, and those destroy the cookies
>>>without closing the browser.
>>>
>>>Why did I use non-persistent cookies? Other methods of passing this token
>>>are much easier to hack.
>>>
>>>You can test this yourself. Login to www.nsrca.org/members. You will see a
>>>menu with at least "download kfactor", "Update Password" and "Logout". Click
>>>on "download Kfactor" and/or "Update Password". You get there without
>>>hassle. Hit the browser back button. You get back to the menu
>>>(www.nsrca.org/members/default.asp), again without hassle. Close the browser
>>>window, open up another and go back to the menu at
>>>www.nsrca.org/members/default.asp. It makes you login again because that
>>>cookie was destroyed.
>>>
>>>I only speak for the section I am responsible for (www.nsrca.org/members).
>>>Other people take care of other areas. They may be using cookies (normal or
>>>non-persistent) for other purposes.
>>>
>>>Steve Sterling
>>>
>>>
>>>-----Original Message-----
>>>From: discussion-request at nsrca.org
>>>[mailto:discussion-request at nsrca.org]On Behalf Of Bill Glaze
>>>Sent: Tuesday, December 21, 2004 7:04 AM
>>>To: Discussion
>>>Subject: Off Topic
>>>
>>>
>>>I'm asking some of the computer gurus on this list:
>>>Why can't I access the NSRCA web site when I have cookies disabled?  I
>>>realize that the commercial sites want to insert cookies into my system
>>>to "further serve me" (ahem) better.  But, inasmuch as I am already
>>>sold<G> on the NSRCA, it seems peculiar to me that they want to install
>>>cookies.  Any help out there for my curiosity?  TIA
>>>btw: I remove all cookies at the end of the particular session..
>>>
>>>Bill Glaze
>>>AMA 2221
>>>NSRCA 2388
>>>
>>>=================================================
>>>To access the email archives for this list, go to
>>>http://lists.f3a.us/pipermail/nsrca-discussion/
>>>To be removed from this list, go to http://www.nsrca.org/discussionA.htm
>>>and follow the instructions.
>>>
>>>
>>>
>>>
>>>
>>>
>>
>>
>
>
> 
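
The tear-off-strip scheme described in the quoted message, modelled as an added example (not part of the original thread and not NSRCA's code). The class and function names, member ids and login secrets are constructed for illustration; the two dictionaries stand in for the "double-blind databases".

```python
import hmac
import secrets
from collections import Counter


class BallotBox:
    """Toy model of the tear-off-strip scheme: two stores that share no key."""

    def __init__(self, roll):
        self._roll = dict(roll)   # member id -> login secret (eligibility list)
        self._voted = set()       # store 1: WHO has voted, never what they chose
        self._ballots = {}        # store 2: serial -> choice, never who cast it

    def cast(self, member_id, secret, choice):
        """Return the serial (the voter's tear-off strip) or raise on rejection."""
        expected = self._roll.get(member_id)
        # Constant-time comparison; unknown members are rejected the same way.
        if expected is None or not hmac.compare_digest(
                expected.encode(), secret.encode()):
            raise PermissionError("not an authenticated voting member")
        if member_id in self._voted:
            raise ValueError("ballot already cast")
        serial = secrets.token_hex(8)   # random, so it cannot be derived from the id
        self._voted.add(member_id)
        self._ballots[serial] = choice
        return serial

    def published_results(self):
        """Public list of (serial, choice), sorted so order hides casting order."""
        return sorted(self._ballots.items())

    def tally(self):
        return Counter(self._ballots.values())

    def audit(self):
        """Exactly one stored ballot per member marked as having voted."""
        return len(self._voted) == len(self._ballots)


def verify_receipt(results, serial, intended):
    """What a voter does with the strip: find the serial, check the choice."""
    return dict(results).get(serial) == intended


if __name__ == "__main__":
    box = BallotBox({"M-0001": "alpha", "M-0002": "bravo"})  # constructed roll
    strip = box.cast("M-0001", "alpha", "Candidate A")
    print(verify_receipt(box.published_results(), strip, "Candidate A"), box.audit())
```

Anyone who holds a serial can read the matching choice from the published list, so a voter can also show the strip to a third party as proof of how they voted. The secrecy property holds only while the two stores keep nothing (timestamps, row order, request logs) that would let them be joined.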



