Last modified: 2013-06-06 00:41:56 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T20978, the corresponding Phabricator task for complete and up-to-date bug report information.
First Last Prev Next    This bug is not in your last search results.
Bug 18978 - Option to temporarily enter decryption key online
Option to temporarily enter decryption key online
Status: RESOLVED WONTFIX
Product: MediaWiki extensions
Classification: Unclassified
SecurePoll (Other open bugs)
unspecified
All All
: Lowest enhancement (vote)
: ---
Assigned To: Tim Starling
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2009-05-28 03:33 UTC by Robert Rohde
Modified: 2013-06-06 00:41 UTC (History)
1 user (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Robert Rohde 2009-05-28 03:33:39 UTC 
It might be desirable to configure the Tally Page so that the decryption key could be entered online from there for use in a single tally run.  If the key is never stored to disk it mitigates against abuse/theft/etc.  It also might allow decryption to be done at SPI directly rather than on a separately configured wiki (which is a quite cumbersome approach).

I suppose there is some small risk that someone could hack into SPI and be there to capture the key, but if someone did that they could pretty much feed in any number of bogus ballots to determine the elections.  So if someone could hack SPI we'd already have bigger things to worry about.
Comment 1 Tim Starling 2009-07-14 05:54:01 UTC 
I don't think there's much point in using GPG if we're going to do this. The only protection that the GPG encryption layer provides is protection for voter privacy against a server compromise at a single point in time, requiring instead an ongoing compromise for the duration of the vote. There are much better ways to do secure tallying. Maybe this can be implemented later for the benefit of non-Wikimedia users.
Comment 2 Robert Rohde 2009-07-14 06:13:34 UTC 
I would note that having a way to tally at SPI (regardless of how that is accomplished) would also be a work-around for the problem of server time outs during the uploading and downloading of the vote dump.  So if one isn't going to go in this direction, then preventing those occurences takes on a higher importantance.
Comment 3 Tim Starling 2009-07-14 06:52:16 UTC 
I was going to write a command-line dump script, that the SPI admin can run on the server. They can make the output available for password-protected download. The dump format would be modified to include election configuration information, so that a command-line tally script could do the tally and present the results without any special configuration.

We know from experience that long-running PHP/apache processes with set_time_limit(0) are not very reliable, and that it's better to do such tasks on the command line where possible.
Comment 4 Andre Klapper 2012-12-12 14:10:33 UTC 
[Removing RESOLVED LATER as discussed in
http://lists.wikimedia.org/pipermail/wikitech-l/2012-November/064240.html .
Reopening and setting priority to "Lowest".
For future reference, please use either RESOLVED WONTFIX (for issues that will
not be fixed), or simply set lowest priority. Thanks a lot!]
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.

Navigation
Links