Re: [Demexp-dev] Re: Request for ideas on delegation

[Félix]

Hi David,

On 5/1/07, David MENTRE <address@hidden> wrote:
> Hello,
>
> My own answers, after some coding and thoughts about it.
>
> 2007/4/27, David MENTRE <address@hidden>:
> > Internally, I use the participant identifier to identify to whom one
> > wants to delegate a question. Now the question is: what should be the
> > external API for this identifier?
>
> I've decided to use a cryptographic token, i.e. a short string, to
> identify each participant that wants to be a delegate. When one wants
> to be a delegate for other people, he creates such a delegation token
> and give it to other people or publish it on his web site. This
> delegation token is used by a participant when he want to delegate.

I have a comment here. We are dealing with the threat of "stealing"
the delegation: Someone can be pretending to be someone else in order
to attract delegation. Of course you always have the possibility to
check his votes but after a while you become confident and you don't
check them anymore and problems arise. Lets call this problem
"Delegation phishing". I see two strategies to avoid the problem:
-First startegy: the delegation phishing prroblem is managed within
demexp. You trust the demexp software to garantee that token XYZ
corresponds to Alice.Bob.TRUC. In this wcase we need a mechanism that
garantees it.
-Second strategy: it's up to every participant to avoid delegation
phishing and get the token by a trustful source (read: the person
itself, not his website, or another trustful source)

I assume that you are taking the second approach, and I support that,
in the name of coding simplicity.



> > Should all participants publish their participant id? Should we use a
> > random identifier associated to a participant id and generated only if
> > a participant wants to be a delegator? In that case, what should be
> > the lifetime of this identifier?
>
> Up to 1024 tokens can be simultaneously active for a participant. A
> participant can create or delete a delegation token at will. They are
> valid as long as the participant does not remove them. A comment is
> attached to each token (for example the real user name and email
> address of the participant).

Here we deel with what I call "Weak Delegation Anonymity". This means
that you don't want to give your name to everyone because then
everyone can delegate to you temporarily in order to know your vote (I
know, delegate vote is different to personnal vote, but frankly, who
is going to vote differently?). So you only give a token to a person
you trust and you hope that this person is not going to "publish" the
token and your name together (this is why I call it Weak Delegation
Anonymity). Of course the person can do it but it stil provides some
protection.

> > Another question: should it be possible to delegate to somebody that
> > has never voted on a question (right now, this is impossible)?

That's fine with me.

  Félix