Fwd: Mozilla and online voting systems
Eduardo Robles Elvira
relación al último post en su blog
http://benlog.com/articles/2011/05/25/online-voting-is-terrifying-and-inevitable/
---------- Forwarded message ----------
From: Eduardo Robles Elvira <edu...@wadobo.com>
Date: Fri, May 27, 2011 at 12:23 AM
Subject: Mozilla and online voting systems
To: Ben Adida <b...@adida.net>
Hello Ben:
It's been a while since we last talked, I hope you're doing fine and
that your work at Mozilla is great. I've just read your last post on
the inevitability and the terror of internet voting - you know I work
towards that goal. I also think that the browser is a good place to
work to reduce the inevitable risks associated to performing private
tasks envolving cryprogaphy in Internet. That's why my University End
of Career Project was about implementing secure End-to-End encryption
for HTML using GPG in Konqueror (KHTML), doing something equivalent to
ssl browser support but for client-to-client communication, ensuring
that the user can send information with a browser using a web page
without having to trust the web page *at all*. I can give you more
details on this if you are interested (the doc I have is in spanish
unfortunately).
Here some screenshots from the result of the project:
http://imgur.com/a/fuJ9M There you can see messages have been
decrypted in-browser inside divs that have a green border (and these
divs' presentation to the user cannot change via css nor js, the
content is locked, border will always be green, text color black,
background white, max z-index, and user can see information about the
div message using right click > Details of Encrypted Message). In a
similar manner to a location bar when visiting an SSL website, an
input type="text" that sends encrypted messages (with the GPG private
key that the user specify in the browser configuration window) shows a
lock and light yellow background color, and of course css cannot be
changed and the plain text cannot be accessed via javascript. The web
page example is a twitter client where users can exchange GPG
encrypted messages using only the web interface. This is another
example, a chat using the same extension, comparing konqueror (with
the html extension support) and firefox: http://imgur.com/0XlXh
For Agora voting (will be based on verificatum), our idea is using a
signed Java applet that would do the vote encryption and signature
(using DNIe for that last thing). HTML of course does not provide
anything near that. Mozilla provides some crypto api, but that would
be browser-dependent. Ideally, there would be an HTML security widget
that would be in charge of doing all those things, similar to what I
did with HTML and GPG, but more generic to support more encryption
types and powerful for doing more complex things (for example
encryting and signing with different cryptographic schemes) without
having to trust the website. Maybe you'd like to discuss this idea?
Regards,
Eduardo.
--
Eduardo Robles Elvira edu...@wadobo.com +34 668 824 393
Wadobo Software S.L. http://www.wadobo.com it's not magic, it's wadobo!
--
Eduardo Robles Elvira edu...@wadobo.com +34 668 824 393
Wadobo Software S.L. http://www.wadobo.com it's not magic, it's wadobo!