Do we need HTTPS to safely send accessCodes?

cthit / VoteIT

Voting website hosted on a node.js server

MIT License

4 stars 29 forks source link

Do we need HTTPS to safely send accessCodes? #17

Closed sveningsonrobin closed 9 years ago

lindskogen commented 9 years ago

Yes

Edholm commented 9 years ago

See #23 for reason why. However, I think the server should encrypt messages also and not blindly trust HTTPS.

I imagine a public/private key solution where the key is generated and distributed at each meeting. Preferably a eliptic curve algorithm. Their keys are very small compared to RSA for example.

lindskogen commented 9 years ago

Conclusion: We need HTTPS and perhaps implement additional encryption layer suggested in #23