Comment by Kevin Wilson (Voting System Test Laboratory)
This is a comment on
Part 3, Chapter 2.4.3,
dated
2008/01/07 19:04:25.718 US/Eastern
The document does not mention that a copy of the public key of the "digital signature" must be maintained with the software and trusted build or else the "digital signature" is effectively useless outside of the originating agency (and possibly even there if the public key is lost). Perhaps a better and more clear way to do so is to specify that an X.509 certificate be included on the CD and thus more clearly defining the intent of this section.