Re: [Demexp-dev] Re: New version of security requirements

[Frédéric Lehobey]

Dear all,

On Sun, Mar 21, 2004 at 10:06:10PM +0100, address@hidden wrote:
> Concerning the security requirements,and this one in particular:
> 
> > - vote of delegates should be public
> 
> I agree with this because you can access the delegate vote of anyone
> by temporarily delegating to him/her and check their delegate vote.
> However, there is one thing I do not remember: can you prevent people
> from delegating to you (as an option)? I think it would be useful because,
> frankly speaking, my delegation vote will always be the same as my 
> private vote. So if I really want my vote to be secret, I may want to
> prevent people from delegating to me. Actually, ideally, I would 
> like to choose the keywords I can be a delegate for.
> 
> Let me know what you think.

  I do not agree.  Delegate vote means vote that you agree to see
published.  I do not see the point in delegate votes for which you
prevent people from delegating: they would count in any case for
nothing!  If you do not want people to know your vote through
delegation then just don't vote as delegate (and break the _virtual_
link you want to have between your private secrete vote and your
[unusable] delegate vote).

  So the real problem is not the secrecy of your vote (the problem is
badly stated) but the way you shall publish the keywords for which you
accept/propose delegation.  Instead of one more option in the software
that would increase its complexity I would suggest just to publish
such keywords (your domains of expertise) on your personal web page
independent of demexp.

Frédéric