Re: Randomness sources for the IETF 2015-2016 Nomcom Selection

2015-06-23 11:23:37
On Tue, Jun 23, 2015 at 11:41 AM, John C Klensin <john-ietf(_at_)jck(_dot_)com> wrote:

> --On Tuesday, June 23, 2015 09:18 -0400 Phillip Hallam-Baker
> <phill(_at_)hallambaker(_dot_)com> wrote:
>
>> From a security point of view, the question is not whether the inputs are
>> random, it is whether they are vulnerable to manipulation. Having more
>> inputs does not make a system more robust against this type of attack, it
>> makes it more vulnerable.
>
> I am not a cryptographer and don't even play one on television.
> But my statistical intuition (and the reasoning in RFC 3797)
> causes me to question the latter assertion.

The attack isn't statistical. If I control an input and the other inputs
are known, I can manipulate the output. So the more parties that control an
input, the greater the chance of default.

The last input obviously has the most influence. But the second to last
also has some effect if the final one doesn't add much randomness. If the
objective is to keep one particular person in or out of the NOMCON and a
non-trivial amount of CPU time is spent, manipulation becomes plausible by
the second in line.

Of course, being able to delay the input to last is the strongest form of
attack.

>> The reason that we can trust lottery numbers is not that they
>> are absolutely immune from tampering. We can trust them
>> because anyone who could be bothered to tamper with them has a
>> much bigger incentive than manipulating the IETF NOMCON
>> choices. This means that we can put a dollar value on the
>> manipulation, a few hundred million USD.
>
> Just following that logic, could you explain who would have the
> power and incentive to manipulate the reported US national debt
> in order to affect the IETF Nomcom selection process?

But we are not using the US national debt. We are using the reported value
of the US national debt. While your country is of course entirely
incorruptible when it comes to such matters and there isn't anyone who
would ever imagine making such a manipulation at the mere suggestion that
'national security' is at stake, this is certainly not the case in mine. If
you read Peter Wright's Spycatcher you will find numerous instances of
similar acts by officialdom for even more trivial objectives.

> I suppose
> that demonstration would start by demonstrating that there are
> people involved in the debt analysis and reporting process who
> have even heard about the IETF and its nomination process and
> who give a rat's a** about it?

Oh come on, that is not the mechanism I suggested and you know it. The
decision that manipulating the process was desirable would come from
somewhere else. Then they would either identify the person in the stats
office responsible for compiling the figures or they would hack into their
computer to allow the results to be fiddled.

> I also observe that someone trying to attack the IETF process
> would, in most cases, need to figure out how to attack a
> particular day's numbers and not the overall formula or method
> of producing the relevant value or statistic. That seems even
> more far-fetched, especially because the day on which the
> numbers will be drawn is not generally known.

Which is part of the problem as noted above.

Whether or not people think this is a problem in practice is a lot less
important than the question of whether someone can plausibly claim it is a
problem.

Having set up and operated CAs, I am used to people proposing all manner of
unlikely attacks and I have spent a great deal of time and effort on
controls designed to provide auditable assurance that attacks far less
likely than this one are prevented.


That said, the other reason to take out the US national debt is that using
it suggests that the IETF is taking a political position on its importance.
Why not take the US unemployment numbers instead? Or the number of people
who applied for Obamacare? I think it is quite obvious that the last two
would be a very bad idea.
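The point made above about the last input deciding the outcome can be checked rather than argued. The script below is an added illustration, not part of this thread and not the RFC 3797 reference code: it re-implements the RFC 3797 style of selection (sorted source values concatenated into one key string, MD5 keyed with the selection index, result reduced modulo the remaining pool), gives anyone a way to recompute and verify a published draw, and adds a risk check that counts how many distinct selections one source can reach while every other source is already fixed. The source names, values and volunteer names are constructed; the exact key-string layout and source ordering follow my reading of the RFC and should be checked against it before use in a real draw.

```python
import hashlib
import struct
from typing import Dict, List, Sequence

# Constructed sample data (not from the thread): two fictional public sources
# and a fictional volunteer pool.
SAMPLE_SOURCES: Dict[str, Sequence[int]] = {
    "fictional_lottery": [3, 17, 22, 41, 45, 48],
    "fictional_statistic": [1234567],
}
SAMPLE_POOL: List[str] = ["volunteer-%02d" % i for i in range(1, 13)]


def build_key_string(sources: Dict[str, Sequence[int]]) -> str:
    """Concatenate the published values in the RFC 3797 layout as I read it:
    values within a source sorted ascending, each followed by '.', and each
    source terminated by '/'. Sources are taken in sorted-name order here;
    the RFC uses the order announced before the draw (simplification)."""
    parts = []
    for name in sorted(sources):
        values = sorted(sources[name])
        parts.append("".join("%d." % v for v in values) + "/")
    return "".join(parts)


def select(sources: Dict[str, Sequence[int]], pool: Sequence[str], n: int) -> List[str]:
    """Pick n members: for selection i, key = MD5(i16 || keystring || i16),
    interpreted as a big-endian integer modulo the remaining pool size."""
    key = build_key_string(sources).encode("ascii")
    remaining = sorted(pool)          # pool is numbered in sorted order
    chosen = []
    for i in range(n):
        tag = struct.pack(">H", i)    # 16-bit big-endian selection index
        digest = hashlib.md5(tag + key + tag).digest()
        idx = int.from_bytes(digest, "big") % len(remaining)
        chosen.append(remaining.pop(idx))
    return chosen


def verify(sources: Dict[str, Sequence[int]], pool: Sequence[str], n: int,
           claimed: Sequence[str]) -> bool:
    """Auditor's check: the published selection must be exactly what the
    published inputs produce. Anyone can run this after the draw."""
    return select(sources, pool, n) == list(claimed)


def reachable_outcomes(sources: Dict[str, Sequence[int]], pool: Sequence[str], n: int,
                       free_source: str, candidates: Sequence[Sequence[int]]) -> int:
    """Risk measure: with every other source fixed (already published), how
    many distinct selections can the one still-open source produce across
    its plausible values? Close to len(candidates) means that source alone
    decides the outcome, which is the concern raised in the thread."""
    outcomes = set()
    for value in candidates:
        trial = dict(sources)
        trial[free_source] = value
        outcomes.add(tuple(select(trial, pool, n)))
    return len(outcomes)


if __name__ == "__main__":
    picked = select(SAMPLE_SOURCES, SAMPLE_POOL, 4)
    print("key string:", build_key_string(SAMPLE_SOURCES))
    print("selected:", picked)
    print("verifies:", verify(SAMPLE_SOURCES, SAMPLE_POOL, 4, picked))
    # Constructed range of 50 plausible values for the statistic source.
    plausible = [[1234567 + k] for k in range(50)]
    print("distinct outcomes reachable by the last source:",
          reachable_outcomes(SAMPLE_SOURCES, SAMPLE_POOL, 4,
                             "fictional_statistic", plausible))
```

The verify step is the part that matters for the auditability argument: it does nothing to stop a source being chosen late, but it does make any draw reproducible from the published inputs, so a dispute can at least be settled on the record rather than on trust.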