On Tue, Jun 23, 2015 at 2:19 PM, Yoav Nir
<ynir(_dot_)ietf(_at_)gmail(_dot_)com> wrote:
On Jun 23, 2015, at 9:12 PM, Eric C Rosen <erosen(_at_)juniper(_dot_)net>
wrote:
On 6/23/2015 8:43 AM, Harald Alvestrand wrote:
Speaking as the person who actually picked these lotteries and numbers:
Wouldn't it be simpler and just as effective to pick the names of the
nomcom members out of a hat? Just make sure to give it a good shake first.
Or do people really think that the main problem in selecting good IESG
members is that the process that selects the nomcom members is
insufficiently random?
Picking out of a hat is random enough. It’s just not very verifiable. I’m
not saying that Harald would manipulate the draw, but some people might and
we won’t be able to prove to them that the process was not manipulated.
That is the whole point, it is not the randomness that is the issue it is
the ability to verify that the process is fair.
There are excellent processes for doing just that but they depend on being
able to make the draw under verifiable circumstances. To apply them to IETF
process we would have to delay the whole process to be able to make the
draw at an IETF.
Quantum approaches fail for the same reason. Your black box might be random
but I have no way to determine if it is fair.
Now there are cryptographic protocols we could use that would be verifiably
fair and allow everyone to audit the process independently.
For example (and giving a handwavy, not secure description for brevity),
everyone who wants to contribute to the generator creates a random or
non-random value of their choice and encrypts it under a random key of
their choice. They then submit the encrypted blob before a deadline is
passed. At the deadline the list of submitted blobs is revealed and the
submitters reveal their decryption keys.
To make the process secure it is necessary to ensure that there are
appropriate commitments, yada yada. But thats not too difficult to achieve.