[Licom-l] SecurePoll tally procedure

[Tim Starling]

SecurePoll tallying procedure, copied to licom-l and Michael Schultheiss.

The best way to do a tally at the moment is to set up a local instance
of MediaWiki, on your desktop computer. In outline:

* Install MediaWiki from subversion trunk, create the wiki
* Install SecurePoll from subversion trunk, enable it in LocalSettings.php
* Create the tables, mysql < SecurePoll.sql
* Create the vote configuration, using the SQL file which should be
attached to this message. It's the same as the file I sent to Michael to
set up the vote at SPI. Michael can confirm that the option IDs in that
file match the ones in the SPI wiki: 3=yes, 4=no, 5=abstain.
* Insert the private key. From the mysql command line:

INSERT INTO securepoll_properties (pr_entity, pr_key, pr_value) VALUES
(1, 'gpg-decrypt-key', '
... key goes here...
');

* Get the election record, from [[Special:SecurePoll/dump/1]] on the SPI
wiki.
* Go to [[Special:SecurePoll/tally/1]] on the local wiki. Upload the
election record that you got from SPI
* Results displayed.

I can help with the details when I'm online, grab me on IRC.

That's the best way. The easy way, which is slightly less secure, is to
insert the private key into the SPI wiki itself, which allows the SPI
wiki to do its own tallies. Then any election administrator would be
able to view the tally results via [[Special:SecurePoll/tally/1]].

The security problem with the easy way comes from the fact that a
compromise of the SPI server in this state would lead to a compromise of
voter secrecy. There's also a slightly greater potential for a leak of
an early tally, and a greater potential for abuse of the strike feature
to influence the results.

-- Tim Starling
-------------- next part --------------
A non-text attachment was scrubbed...
Name: license-update-spi-side.sql
Type: text/x-sql
Size: 7561 bytes
Desc: not available
Url : http://lists.wikimedia.org/pipermail/licom-l/attachments/20090502/39427998/attachment.bin