IETF Logo Mail Archive

Re: [Eligibility-discuss] NomCom selection Fwd: Notification for draft-eastlake-rfc3797bis-00.txt

Eric Rescorla <ekr@rtfm.com> Mon, 29 May 2023 22:52 UTC

Return-Path: <ekr@rtfm.com>
X-Original-To: eligibility-discuss@ietfa.amsl.com
Delivered-To: eligibility-discuss@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 92C64C151B0E for <eligibility-discuss@ietfa.amsl.com>; Mon, 29 May 2023 15:52:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.894
X-Spam-Level:
X-Spam-Status: No, score=-1.894 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20221208.gappssmtp.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zp3Ci9hIvCcI for <eligibility-discuss@ietfa.amsl.com>; Mon, 29 May 2023 15:52:08 -0700 (PDT)
Received: from mail-yw1-x1130.google.com (mail-yw1-x1130.google.com [IPv6:2607:f8b0:4864:20::1130]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BD6BCC151B07 for <eligibility-discuss@ietf.org>; Mon, 29 May 2023 15:52:08 -0700 (PDT)
Received: by mail-yw1-x1130.google.com with SMTP id 00721157ae682-565a022ef06so53756317b3.3 for <eligibility-discuss@ietf.org>; Mon, 29 May 2023 15:52:08 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20221208.gappssmtp.com; s=20221208; t=1685400728; x=1687992728; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=015W3qI2B4WOTpvjAqve2Hdr/hngetOUnzZJsgFJ/vo=; b=EmJ4K29le6SP3D/ZaNOObYAEt/axFHucFw2kCLEV0zfQLKWXl3NBeSK7AzwW/emOO6 S+Y27eljncR9z9gWpduqlb9CueN0/SdZJy/ARp6UmPybLXkJYrUxhoEoscCxIImbllhc bH8NrLcCjho2BKHBXJHjOWxzkA/ZqGKRvI+xOThTVdN9rIxTf7A66nrxHXBLZ+HZASFd rIo/iSOllgZp50HRFibaMmHMgz0yftlpM6KjSybkIwC4Z3xXibBSu6QutWpqZLz0iUL1 f7vNYcf79wgjw5+1WN4Ucb0dOKU4JIM6B5CHnxhvPrJMtESUcT4aDP6mE7+CiQqaSxIK 6elw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1685400728; x=1687992728; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=015W3qI2B4WOTpvjAqve2Hdr/hngetOUnzZJsgFJ/vo=; b=SytnPOyzh2tQHPih7YbWJ+B++V/BCw22+3HomNjV7AE4+VjhJ+b5BLAOZ06GAgna8d Ftov4wAipXmlf3aoukdd1SSGcKbMoDkQTvh309GrZXZbmbNT1T04QZSR+aCTFZwgTlZi r6iaJA1V9AEKIwwiemCeGqAs7YFDiFY0qLpOyk0ChSp5vZbvdP30T/bfMOtjHv0CP+B1 VtBrjJ+4E3ohijiJI1eZ0GOYucTsB+h6EcVkqRAzCQtcpa/QVc3PqQTxXpfn+WKPV9Bn MfY6E7xewi2XJt+uhu3JFhlQjvITof9R1M05uJDcKBeKLodvPEXZfBHAEuNKWC0TWWD/ 4Skw==
X-Gm-Message-State: AC+VfDyTRxdCeykcEVDwX1gC5VBTmLbvoXVbA/rGELdQiS6rw9pqHXBZ JRH27aaRCqhb8gZ+XKI4+/t4Ge5iouEsEApOGi/eP8rxvCraniajPiY=
X-Google-Smtp-Source: ACHHUZ7q4p2R91kQvj//U/YBxYzpWofxg/5EkPOAy2i6IfqeFaZ834z7jwZPVMvFHM8wS+qEbPOnIl0rOGQ0jkZgxo0=
X-Received: by 2002:a81:d246:0:b0:54f:895e:70f7 with SMTP id m6-20020a81d246000000b0054f895e70f7mr379697ywl.9.1685400727834; Mon, 29 May 2023 15:52:07 -0700 (PDT)
MIME-Version: 1.0
References: <54F373CD-1E97-42BC-9AAB-0451ABD9D448@eggert.org> <1229DD7D-3640-4EFD-8058-D0EC18020038@eggert.org> <18537EEF-4E16-4C48-8456-02A8FB0C8CFC@vpnc.org> <4a8f2bb4-25c3-5514-f13f-8db1804619a6@joelhalpern.com>
In-Reply-To: <4a8f2bb4-25c3-5514-f13f-8db1804619a6@joelhalpern.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: Mon, 29 May 2023 15:51:31 -0700
Message-ID: <CABcZeBPq_yuwFyA8jQVEiEpWBvFpkbvQj27W-euFKaF_JMrhoQ@mail.gmail.com>
To: Joel Halpern <jmh@joelhalpern.com>
Cc: Paul Hoffman <paul.hoffman@vpnc.org>, eligibility-discuss@ietf.org
Content-Type: multipart/alternative; boundary="000000000000afe6ab05fcdcef52"
Archived-At: <https://mailarchive.ietf.org/arch/msg/eligibility-discuss/f_McopwRK4SsFoJsLh5kpWIKHQ0>
Subject: Re: [Eligibility-discuss] NomCom selection Fwd: Notification for draft-eastlake-rfc3797bis-00.txt
X-BeenThere: eligibility-discuss@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: IETF eligibility procedures <eligibility-discuss.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/eligibility-discuss>, <mailto:eligibility-discuss-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/eligibility-discuss/>
List-Post: <mailto:eligibility-discuss@ietf.org>
List-Help: <mailto:eligibility-discuss-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/eligibility-discuss>, <mailto:eligibility-discuss-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 29 May 2023 22:52:09 -0000

On Mon, May 29, 2023 at 3:40 PM Joel Halpern <jmh@joelhalpern.com> wrote:

> Whether or not the procedure in that (draft-hoffman-...) is useful for
> other people I can't say.  But it removes may elements that the
> community felt were important in defining the nomcom process and rfc
> 3797.  For example, you removed all of the challenge periods and
> challenge criteria.  And your educed the random numbers to one source,
> without specifying anything about the required degree of randomness in
> that source.  While I am not expert on the matter, the reason that was
> stated for having multiple sources was to get enough reliable randomness
> into the mix.
>

Just to follow up on Joel's point, there are actually two issues in terms of
randomness:

1. Getting enough different sources that there is a low risk one was
compromised.
2. Getting enough entropy that the attacker cannot get a material advantage.

To see the second point, consider the case where there is only a single
bit of unknown entropy. The attacker could then strategically
add/delete/challenge
candidate values until both values (0/1) produced good outcomes for them.

I don't have a calculation immediately to hand for how much is enough.
Ideally
you would like it to be much larger than N choose M where N is the number
of candidate names and M is the number of chosen, but my (unverified)
intuition is that it's sufficient to simply have the entropy be
sufficiently large
that it's not possible to search any significant fraction of the space. I do
not believe that a single stock would be sufficient because there are a
relatively small number of plausible values.

-Ekr



> Yours,
>
> Joel
>
> PS: discussing here because you posted here; probably should be moved to
> gendispatch.
>
> On 5/29/2023 6:27 PM, Paul Hoffman wrote:
> > By a weird coincidence, I was creating a new, simpler choosing protocol
> when this discussion came up. A colleague was seeing if RFC 3979 fit their
> need to select m of n people, but had problems with the implementation of
> 3797. When I looked at draft-eastlake-rfc3797bis-02, I saw that the
> pitfalls that were in 3797 were still there, and this spurred me to come up
> with something as good but simpler.
> >
> > Please see <
> https://datatracker.ietf.org/doc/draft-hoffman-genarea-random-candidate-selection/>.
> It may be of interest for the discussion of draft-eastlake-rfc3797bis.
> Please note that the proposal could be turned into an RFC even if the IETF
> wants to keep using the protocol in draft-eastlake-rfc3797bis; there is
> good reason to have a simpler protocol defined for others who want to have
> the same result as what we have for NomCom, but using an
> easier-to-understand alternative.
> >
> > --Paul Hoffman
> >
>
> --
> Eligibility-discuss mailing list
> Eligibility-discuss@ietf.org
> https://www.ietf.org/mailman/listinfo/eligibility-discuss
>

v2.23.0 | Report a Bug | By Email