Re: [Eligibility-discuss] On 3797 alternatives
Michael StJohns <msj@nthpermutation.com> Thu, 01 June 2023 15:43 UTC
Return-Path: <msj@nthpermutation.com>
X-Original-To: eligibility-discuss@ietfa.amsl.com
Delivered-To: eligibility-discuss@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 351D0C151B2C for <eligibility-discuss@ietfa.amsl.com>; Thu, 1 Jun 2023 08:43:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.894
X-Spam-Level:
X-Spam-Status: No, score=-1.894 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, NICE_REPLY_A=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=nthpermutation-com.20221208.gappssmtp.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gT7vvs92dBAt for <eligibility-discuss@ietfa.amsl.com>; Thu, 1 Jun 2023 08:43:02 -0700 (PDT)
Received: from mail-qv1-xf2c.google.com (mail-qv1-xf2c.google.com [IPv6:2607:f8b0:4864:20::f2c]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 77D81C15107A for <eligibility-discuss@ietfa.amsl.com>; Thu, 1 Jun 2023 08:42:03 -0700 (PDT)
Received: by mail-qv1-xf2c.google.com with SMTP id 6a1803df08f44-6261367d2f1so9025516d6.3 for <eligibility-discuss@ietfa.amsl.com>; Thu, 01 Jun 2023 08:42:03 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nthpermutation-com.20221208.gappssmtp.com; s=20221208; t=1685634122; x=1688226122; h=in-reply-to:content-language:references:cc:to:subject:from :user-agent:mime-version:date:message-id:from:to:cc:subject:date :message-id:reply-to; bh=o/OzYPitNRoV1/Xf04M+F6/LnCc1yawvmUg/lwdidGA=; b=28MHP+CbEEaLiQO17NoSEtnkv6X/hc9hdgLOk35SQvEMCo2uueUOvlTXzxaor6zVEE k5ieEU5kpS3U88Md558m+XcmCUXgIG4pwALKCFGgAJ3tu3LEQ1J5nrdGDf2mkXuKHsy3 yKdauOgqJ/zLjAQvmh/kqygA2vIaCqA6DusRdDbzzRJGpnn3yGt7A93Nt+X4HdOiqQpl nWf5lLQrPUo3JNRK+6DkAbDZeM2I2lXuMG8euoJzkyPe1xQokAku+ei6WLK6BDEjA9wK lZM40XFB7KbyVSUuzc8bMtnI1o2ZyYjUn9buS/1sbIid5rVpV20bVJZ6s++krnbaBBHq W85w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1685634122; x=1688226122; h=in-reply-to:content-language:references:cc:to:subject:from :user-agent:mime-version:date:message-id:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=o/OzYPitNRoV1/Xf04M+F6/LnCc1yawvmUg/lwdidGA=; b=UbBIPJ8gcot0q/p7HMfy6pkTK1SpwzedNvVuUU9Te/YiRa+qX+P5PTXAmQRD5G0JId oSZbuNptY36Q3tG/tEAtDNLR/1zOAgnwpGPIcdF2vh9jC6p8BxcYH7xUTCjENSvW+TKg VDFbxk+C0ttNPMJlwMFPSYOHT8q2tlRwDn9FBFOxRPBNOYTpYiKAwIFiVDBxg+2F8h14 rngIVI/etv93weUiSg4/lQclQ0OlhrEUUdiKn4fp5Nsx679TaPygGLfkgIH2YeWugyJY up6YibBiVR1xCYh8Bz7pkXJG4gAbnA++WePN9+HONLB2WpsmPzXs7QioFb+HOIFVAdQn FuAg==
X-Gm-Message-State: AC+VfDyaVI9zwHqgNlzFm9TpqpQw4WRn6X/aaHpEHceBcufSwPlNB+aU KS1NxR3F15eqPHwNXF+lFHtsTA==
X-Google-Smtp-Source: ACHHUZ5js4W3GJDd4AoVSCb/L+g/745C2LBik3L9++9AAgfGlquxMBDSY/awRCrQQgTgThAINjjNPw==
X-Received: by 2002:a05:6214:29ec:b0:621:41c:75a7 with SMTP id jv12-20020a05621429ec00b00621041c75a7mr9859673qvb.30.1685634121984; Thu, 01 Jun 2023 08:42:01 -0700 (PDT)
Received: from [192.168.1.23] (pool-108-31-156-76.washdc.fios.verizon.net. [108.31.156.76]) by smtp.gmail.com with ESMTPSA id ec13-20020ad44e6d000000b006261e6a88c7sm5024058qvb.36.2023.06.01.08.42.01 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Thu, 01 Jun 2023 08:42:01 -0700 (PDT)
Content-Type: multipart/alternative; boundary="------------Yzz0YVMfS72rM0hTQMSDb7UR"
Message-ID: <416a8625-1c05-54eb-c90a-fb88c3aa01dc@nthpermutation.com>
Date: Thu, 01 Jun 2023 11:42:00 -0400
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Thunderbird/102.11.0
From: Michael StJohns <msj@nthpermutation.com>
To: Rob Sayre <sayrer@gmail.com>
Cc: Donald Eastlake <d3e3e3@gmail.com>, eligibility-discuss@ietfa.amsl.com
References: <CAChr6Szvewhk0_z5DVqTJ37qR6eHxBw0Am2MnycxsS=a9x_bzw@mail.gmail.com> <4b2070b2-21e7-4887-b9a2-1049b930d0be@betaapp.fastmail.com> <CAChr6SyLNfEHxSCaj+w_j4Zzxf0vLudqzfpsGO7kDd1jO1AFLg@mail.gmail.com> <CAF4+nEGAsAvD4Vzy7BVOKVE+5wnGspP+QC+_bYKEWfYihVYdsA@mail.gmail.com> <CAChr6Swg5An=n9gAo1dYA=U_DY-Qd5h48Aq6Wqhf=QUae9pB7Q@mail.gmail.com>
Content-Language: en-US
In-Reply-To: <CAChr6Swg5An=n9gAo1dYA=U_DY-Qd5h48Aq6Wqhf=QUae9pB7Q@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/eligibility-discuss/yrV5YvRgqBRVAT2vdf6Gy_AR18g>
Subject: Re: [Eligibility-discuss] On 3797 alternatives
X-BeenThere: eligibility-discuss@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: IETF eligibility procedures <eligibility-discuss.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/eligibility-discuss>, <mailto:eligibility-discuss-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/eligibility-discuss/>
List-Post: <mailto:eligibility-discuss@ietf.org>
List-Help: <mailto:eligibility-discuss-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/eligibility-discuss>, <mailto:eligibility-discuss-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 01 Jun 2023 15:43:06 -0000
Hi - Verifiably random is somewhat of an oxymoron. We can do statistical measurements of data streams, and come to conclusions about how close they meet a given criteria, but that’s a far cry from verifiable. We can, using similar models usually prove a source to be non random even if we can’t label it as predictable, but the opposite is harder. What I think we want is/are sources that meet some set of statistical tests for randomness and that are shown to be resistant to externally applied bias/interference. The former is pretty simple - take the output and run it through the tests. The latter is more about "trustworthiness" than "verifiable randomness". WRT to the sources used to seed the last dozen or so selections, we assume the trustworthiness because of the nature of the sources and the fact that we combine a number of those sources, but I'd be hard pressed to say that any single given source is "verifiably random" in either meeting statistical tests or resistance to externally applied bias. That said, the current model is probably good enough if we're willing to wait a few days for each result. Moving on to drand and it's ilk. It should be pretty easy to show they meet the statistical tests. The sole question really to be answered is whether the source is trustworthy and resistant to being biased. Given that drand is a co-generated random bit stream, I'd say that answer could be readily ascertained by anyone who wanted to look a bit. Some of the other public sources might be a bit harder to verify. Later, Mike On Wed, May 31, 2023 at 18:01 Rob Sayre <sayrer@gmail.com> wrote: On Wed, May 31, 2023 at 2:31 PM Donald Eastlake <d3e3e3@gmail.com> wrote: On Wed, May 31, 2023 at 2:43 PM Rob Sayre <sayrer@gmail.com> wrote: > > I'm not really here to sell drand, but it does meet the requirements on paper: "the source is announced before the ceremony starts...". No, in my opinion it does not. The title of the document starts with "Publicly Verifiable ...". Perhaps I should change the name to "Publicly Persuasive...". Would a member of the public believe drand is as honest as a major government run lottery? I think not. I'm not sure what "publically persuasive" would mean. I don't really see why a "major government run lottery" would be more believable here, but it's of course totally subjective. > Presumably you'd pick a drand iteration number from the future, and use that. The draft is a little confusing in using stock tickers, because "Section 3.1: Sources of Randomness" of RFC3797* says not to do that... And that section gives specific reasons why not. Yes. > While I agree that entropy "sources exist", the debate here is guidance on picking a verifiable one. I think it needs to be not just mechanically verifiable but also persuasively random. Yeah, it can be taken pretty far, even aside from quantum computing: https://www.cloudflare.com/learning/ssl/lava-lamp-encryption/ The penultimate section is my favorite: Do all Cloudflare offices have the lava lamp wall? --- The other two main Cloudflare offices are in London and Singapore, and each office has its own method for generating random data from real-world inputs. London takes photos of a double-pendulum system mounted in the office (a pendulum connected to a pendulum, the movements of which are mathematically unpredictable). The Singapore office measures the radioactive decay of a pellet of uranium (a small enough amount to be harmless). At the bottom there, you get "LavaRand"*, which covers "Randomness Mixing". I don't think the IETF really needs to purchase a double-pendulum for this task, though. This stuff is persuasively random, but not verifiable. thanks, Rob * https://blog.cloudflare.com/lavarand-in-production-the-nitty-gritty-technical-details/ -- Eligibility-discuss mailing list Eligibility-discuss@ietf.org https://www.ietf.org/mailman/listinfo/eligibility-discuss
- Re: [Eligibility-discuss] NomCom selection Fwd: N… Lars Eggert
- Re: [Eligibility-discuss] NomCom selection Fwd: N… Robert Sparks
- Re: [Eligibility-discuss] NomCom selection Fwd: N… Salz, Rich
- Re: [Eligibility-discuss] NomCom selection Fwd: N… Eric Rescorla
- Re: [Eligibility-discuss] NomCom selection Fwd: N… Salz, Rich
- Re: [Eligibility-discuss] NomCom selection Fwd: N… Eric Rescorla
- Re: [Eligibility-discuss] NomCom selection Fwd: N… Brian E Carpenter
- Re: [Eligibility-discuss] NomCom selection Fwd: N… Michael Richardson
- Re: [Eligibility-discuss] NomCom selection Fwd: N… Brian E Carpenter
- Re: [Eligibility-discuss] NomCom selection Fwd: N… Barry Leiba
- Re: [Eligibility-discuss] NomCom selection Fwd: N… Donald Eastlake
- Re: [Eligibility-discuss] NomCom selection Fwd: N… Robert Sparks
- Re: [Eligibility-discuss] NomCom selection Fwd: N… Lars Eggert
- Re: [Eligibility-discuss] NomCom selection Fwd: N… Paul Hoffman
- Re: [Eligibility-discuss] NomCom selection Fwd: N… Joel Halpern
- Re: [Eligibility-discuss] NomCom selection Fwd: N… Eric Rescorla
- Re: [Eligibility-discuss] NomCom selection Fwd: N… Paul Hoffman
- Re: [Eligibility-discuss] NomCom selection Fwd: N… Joel Halpern
- Re: [Eligibility-discuss] NomCom selection Fwd: N… Paul Hoffman
- Re: [Eligibility-discuss] NomCom selection Fwd: N… Paul Hoffman
- [Eligibility-discuss] On 3797 alternatives Martin Thomson
- Re: [Eligibility-discuss] NomCom selection Fwd: N… Donald Eastlake
- Re: [Eligibility-discuss] NomCom selection Fwd: N… Salz, Rich
- Re: [Eligibility-discuss] On 3797 alternatives Donald Eastlake
- Re: [Eligibility-discuss] On 3797 alternatives Martin Thomson
- Re: [Eligibility-discuss] On 3797 alternatives Salz, Rich
- Re: [Eligibility-discuss] On 3797 alternatives Eric Rescorla
- Re: [Eligibility-discuss] On 3797 alternatives Martin Thomson
- Re: [Eligibility-discuss] On 3797 alternatives Salz, Rich
- Re: [Eligibility-discuss] On 3797 alternatives Eric Rescorla
- Re: [Eligibility-discuss] On 3797 alternatives Rob Sayre
- Re: [Eligibility-discuss] On 3797 alternatives Salz, Rich
- Re: [Eligibility-discuss] On 3797 alternatives Martin Thomson
- Re: [Eligibility-discuss] On 3797 alternatives Eric Rescorla
- Re: [Eligibility-discuss] On 3797 alternatives Rob Sayre
- Re: [Eligibility-discuss] On 3797 alternatives Salz, Rich
- Re: [Eligibility-discuss] On 3797 alternatives Christian Huitema
- Re: [Eligibility-discuss] On 3797 alternatives Eric Rescorla
- Re: [Eligibility-discuss] On 3797 alternatives Eric Rescorla
- Re: [Eligibility-discuss] On 3797 alternatives Donald Eastlake
- Re: [Eligibility-discuss] On 3797 alternatives Rob Sayre
- Re: [Eligibility-discuss] On 3797 alternatives Rob Wilton (rwilton)
- Re: [Eligibility-discuss] On 3797 alternatives Salz, Rich
- Re: [Eligibility-discuss] On 3797 alternatives Michael StJohns
- [Eligibility-discuss] list address (was: Re: On 3… Stephen Farrell
- Re: [Eligibility-discuss] On 3797 alternatives Michael Richardson
- Re: [Eligibility-discuss] On 3797 alternatives Salz, Rich
- Re: [Eligibility-discuss] On 3797 alternatives Eric Rescorla
- Re: [Eligibility-discuss] list address (was: Re: … Rob Sayre
- Re: [Eligibility-discuss] On 3797 alternatives Michael StJohns
- Re: [Eligibility-discuss] On 3797 alternatives Martin Thomson
- Re: [Eligibility-discuss] On 3797 alternatives Salz, Rich
- Re: [Eligibility-discuss] On 3797 alternatives Michael Richardson
- Re: [Eligibility-discuss] On 3797 alternatives Donald Eastlake
- Re: [Eligibility-discuss] On 3797 alternatives Martin Thomson