On Tue, Jun 23, 2015 at 2:19 PM, Yoav Nir <ynir.ietf@xxxxxxxxx> wrote:
Picking out of a hat is random enough. It’s just not very verifiable. I’m not saying that Harald would manipulate the draw, but some people might and we won’t be able to prove to them that the process was not manipulated.
> On Jun 23, 2015, at 9:12 PM, Eric C Rosen <erosen@xxxxxxxxxxx> wrote:
>
> On 6/23/2015 8:43 AM, Harald Alvestrand wrote:
>> Speaking as the person who actually picked these lotteries and numbers:
>
> Wouldn't it be simpler and just as effective to pick the names of the nomcom members out of a hat? Just make sure to give it a good shake first.
>
> Or do people really think that the main problem in selecting good IESG members is that the process that selects the nomcom members is insufficiently random?
That is the whole point, it is not the randomness that is the issue it is the ability to verify that the process is fair.
There are excellent processes for doing just that but they depend on being able to make the draw under verifiable circumstances. To apply them to IETF process we would have to delay the whole process to be able to make the draw at an IETF.
Quantum approaches fail for the same reason. Your black box might be random but I have no way to determine if it is fair.
Now there are cryptographic protocols we could use that would be verifiably fair and allow everyone to audit the process independently.
For example (and giving a handwavy, not secure description for brevity), everyone who wants to contribute to the generator creates a random or non-random value of their choice and encrypts it under a random key of their choice. They then submit the encrypted blob before a deadline is passed. At the deadline the list of submitted blobs is revealed and the submitters reveal their decryption keys.
To make the process secure it is necessary to ensure that there are appropriate commitments, yada yada. But thats not too difficult to achieve.