danwallach / STAR-Vote

The secure, transparent, auditable, reliable electronic voting system

Election keyword #11

Open umbernhard opened 10 years ago

umbernhard commented 10 years ago

We need to investigate whether or not an election keyword is needed in the STAR-Vote process.

umbernhard commented 10 years ago

The original design of the keyword was to mandate that no unknown parties could run valid STAR-Vote machines on the network and futz with the network. So in theory we do need the keywords. They are sent back and forth in certain messages, but it seems to me they should be sent with all messages. I'll investigate more later.

umbernhard commented 10 years ago

Pending consultation.

mpk2 commented 10 years ago

We're going to be re-implementing keywords.

umbernhard commented 10 years ago

So I've reimplemented the keywords the way they used to be in votebox. However, from what I can tell they don't really do anything. They simply prevent a new supervisor from hearing a polls open message after sending a PollOpenQ message; they can still open and close the polls, send ballots, etc.

I'm not sure of the value of the keyword, since a machine can't join the network without the proper credentials (certificate and signature). Theoretically that should take the place of the keyword.

If we want to use keywords to enforce more security, we're going to run into trouble fast. If a supervisor comes online with the wrong keyword, the only options are to disconnect it from the network, which right now other machines can't do, or to broadcast an ignore status, which I suppose would be technically possible, but introduces some problems. For instance, if the bad supervisor hears the ignore, it could just restart itself and try to send a message before the next ignore message is sent. I'll have to consult on this.