On Tue, Jun 23, 2015 at 11:41 AM, John C Klensin <john-ietf@xxxxxxx> wrote:
--On Tuesday, June 23, 2015 09:18 -0400 Phillip Hallam-Baker
<phill@xxxxxxxxxxxxxxx> wrote:
>> From a security point of view, the question is not whether
>> the inputs are
> random, it is whether they are vulnerable to manipulation.
> Having more inputs does not make a system more robust against
> this type of attack, it makes it more vulnerable.
I am not a cryptographer and don't even play one on television.
But my statistical intuition (and the reasoning in RFC 3797)
causes me to question the latter assertion.
The attack isn't statistical. If I control an input and the other inputs are known, I can manipulate the output. So the more parties that control an input, the greater the chance of default.
The last input obviously has the most influence. But the second to last also has some effect if the final one doesn't add much randomness. If the objective is to keep one particular person in or out of the NOMCON and a non-trivial amount of CPU time is spent, manipulation becomes plausible by the second in line.
Of course being able to delay the input to last is the strongest form of attack.
> The reason that we can trust lottery numbers is not that they
> are absolutely immune from tampering. We can trust them
> because anyone who could be bothered to tamper with them has a
> much bigger incentive than manipulating the IETF NOMCON
> choices. This means that we can put a dollar value on the
> manipulation, a few hundred million USD.
Just following that logic, could you explain who would have the
power and incentive to manipulate the reported US national debt
in order to affect the IETF Nomcom selection process?
But we are not using the US national debt. We are using the reported value of the US national debt. While your country is of course entirely incorruptible when it comes to such matters and there isn't anyone who would ever imagine making such a manipulation at the mere suggestion that 'national security' is at stake, this is certainly not the case in mine. If you read Peter Wright's Spycatcher you will find numerous instances of similar acts by officialdom for even more trivial objectives.
I suppose
that demonstration would start by demonstrating that there are
people involved in the debt analysis and reporting process who
have even heard about the IETF and its nomination process and
who give a rat's a** about it?
Oh come on, that is not the mechanism I suggested any you know it. The decision that manipulating the process was desirable would come from somewhere else. Then they would either identify the person in the stats office responsible for compiling the figures or they would hack into their computer to allow the results to be fiddled.
I also observe that someone trying to attack the IETF process
would, in most cases, need to figure out how to attack a
particular day's numbers and not the overall formula or method
of producing the relevant value or statistic. That seems even
more far-fetched, especially because the day on which the
numbers will be drawn is not generally known.
Which is part of the problem as noted above.
Whether or not people think this is a problem in practice is a lot less important than the question of whether someone can plausibly claim it is a problem.
Having set up and operated CAs, I am used to people proposing all manner of unlikely attacks and I have spent a great deal of time and effort on controls designed to provide auditable assurance that attacks far less likely than this one are prevented.
That said, the other reason to take out the US national debt is that using it suggests that the IETF is taking a political position on its importance. Why not take the US unemployment numbers instead? Or the number of people who applied for Obamacare? I think it is quite obvious that the last two would be a very bad idea.