Hi Clay:
I'm absolutely cognizant of the signing issues. However for the
demo I didn't want to cross that bridge yet. My goal would be that
ANY xml in the system would be signed by it's producer.
-C-
> > 3) all the 1500 ballots used to create this output
>> http://www.knowpeople.com/vote/ballots/
>
>Thanks for the link to the ballots, I happen to be thinking about a
>security issue today. If we will be electronically signing ballots, the
>ballot number will be an important part of the message that should be
>signed. Otherwise someone could take a ballot and its signature file
>and duplicate it any number of times. With the ballot number in the
>signed message, this tactic will be easy to detect.
>
>Based on the sample xml files on the server, it looks like this will not
>be an issue since each ballot has a unique number in the file.
>
>-Clay
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Chris Schaefer Email:
chris<AT>1reality(DOT)org
Professional Bit Twiddler and student of reality.
"Global Information, Local Production"
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
==================================================================
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
==================================================================
Received on Wed Dec 31 23:17:03 2003
This archive was generated by hypermail 2.1.8 : Wed Dec 31 2003 - 23:17:18 CST