What's stopping someone from recording each public key as it is entered into service and providing a DKIM authentication service with it? There are already such things for domain data.

Is there any technical/security benefit at all to private blockchains? Or even more generously, lightly-mined public blockchains? It seems that in either of those scenarios, you lose the decentralized validation and consensus brought about by a bunch of people incentivized to compete with one another to burn electricity.

Within the article this statement was made

> Trail of Bits engineers said Voatz' code was written intelligibly and free of many common security foibles, but added “it is clear that the Voatz codebase is the product of years of fast-paced development.” The summary goes on to list several technical flaws, such as a lack of test coverage and documentation, infrastructure provisioned manually without the aid of infrastructure-as-code tools, vestigial features that have yet to be deleted, and nonstandard cryptographic protocols.

That honestly sounds pretty good in terms of software quality, adding additional tests for proofs and ramping up ops are both addressable problems - especially if handled by a government sponsored team. But...

How confident are you that we could reach a well engineered and proofed electronic voting platform that also adheres to theoretical rules around vote security?

And which component of that, adherence to theoretical requirements and perfected development practices, do you see as a larger hurdle to overcome going forward?

I understand that current solutions to electronic voting are unsatisfactory, but I am fairly baffled by:

> It remains unclear if any electronic-only mobile or Internet voting system can practically overcome the stringent security requirements on election systems

Like, we can adequately secure banking software. With proper considerations and processes for the problem domain (i.e. user follow up / validation, alerts on suspicious vote changes) I don't see why securely implementing electronic voting is considered near-impossible, and has so few advocates.

The article mentions:

> The clients do not interact with the blockchain directly, so there is no blockchain verification code in the client.

So if all client requests are routed through the same centralized API endpoint before hitting the blockchain, nor validated after the fact, whats the point of the blockchain? Just some public "ledger" of what the server ultimately sends out?

Ideally, at a minimum, you would be given a token for your vote which you can then follow up and see it on the ledger. Even if you don't get to wait for 'confirmation', it's still a public signal that something is not right.