Network Working Group                                    D. Eastlake 3rd
Request for Comments: 3797                         Motorola Laboratories
Obsoletes: 2777                                                June 2004
Category: Informational
        
Network Working Group                                    D. Eastlake 3rd
Request for Comments: 3797                         Motorola Laboratories
Obsoletes: 2777                                                June 2004
Category: Informational
        

Publicly Verifiable Nominations Committee (NomCom) Random Selection

可公开核实的提名委员会(NomCom)随机选择

Status of this Memo

本备忘录的状况

This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited.

本备忘录为互联网社区提供信息。它没有规定任何类型的互联网标准。本备忘录的分发不受限制。

Copyright Notice

版权公告

Copyright (C) The Internet Society (2004).

版权所有(C)互联网协会(2004年)。

Abstract

摘要

This document describes a method for making random selections in such a way that the unbiased nature of the choice is publicly verifiable. As an example, the selection of the voting members of the IETF Nominations Committee (NomCom) from the pool of eligible volunteers is used. Similar techniques would be applicable to other cases.

本文件描述了一种随机选择的方法,其选择的无偏性是可公开验证的。例如,从合格志愿者库中选择IETF提名委员会(NomCom)的投票成员。类似的技术也适用于其他情况。

Table of Contents

目录

   1. Introduction. . . . . . . . . . . . . . . . . . . . . . . . . .  2
   2. General Flow of a Publicly Verifiable Process . . . . . . . . .  2
      2.1.  Determination of the Pool . . . . . . . . . . . . . . . .  2
      2.2.  Publication of the Algorithm. . . . . . . . . . . . . . .  3
      2.3.  Publication of Selection. . . . . . . . . . . . . . . . .  3
   3. Randomness. . . . . . . . . . . . . . . . . . . . . . . . . . .  3
      3.1.  Sources of Randomness . . . . . . . . . . . . . . . . . .  3
      3.2.  Skew. . . . . . . . . . . . . . . . . . . . . . . . . . .  4
      3.3.  Entropy Needed. . . . . . . . . . . . . . . . . . . . . .  4
   4. A Suggested Precise Algorithm . . . . . . . . . . . . . . . . .  5
   5. Handling Real World Problems. . . . . . . . . . . . . . . . . .  7
      5.1.  Uncertainty as to the Pool. . . . . . . . . . . . . . . .  7
      5.2.  Randomness Ambiguities. . . . . . . . . . . . . . . . . .  7
   6. Fully Worked Example. . . . . . . . . . . . . . . . . . . . . .  8
   7. Security Considerations . . . . . . . . . . . . . . . . . . . .  9
   8. Reference Code. . . . . . . . . . . . . . . . . . . . . . . . . 10
   Appendix A: History of NomCom Member Selection . . . . . . . . . . 16
   Appendix B: Changes from RFC 2777. . . . . . . . . . . . . . . . . 16
   Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . . 17
        
   1. Introduction. . . . . . . . . . . . . . . . . . . . . . . . . .  2
   2. General Flow of a Publicly Verifiable Process . . . . . . . . .  2
      2.1.  Determination of the Pool . . . . . . . . . . . . . . . .  2
      2.2.  Publication of the Algorithm. . . . . . . . . . . . . . .  3
      2.3.  Publication of Selection. . . . . . . . . . . . . . . . .  3
   3. Randomness. . . . . . . . . . . . . . . . . . . . . . . . . . .  3
      3.1.  Sources of Randomness . . . . . . . . . . . . . . . . . .  3
      3.2.  Skew. . . . . . . . . . . . . . . . . . . . . . . . . . .  4
      3.3.  Entropy Needed. . . . . . . . . . . . . . . . . . . . . .  4
   4. A Suggested Precise Algorithm . . . . . . . . . . . . . . . . .  5
   5. Handling Real World Problems. . . . . . . . . . . . . . . . . .  7
      5.1.  Uncertainty as to the Pool. . . . . . . . . . . . . . . .  7
      5.2.  Randomness Ambiguities. . . . . . . . . . . . . . . . . .  7
   6. Fully Worked Example. . . . . . . . . . . . . . . . . . . . . .  8
   7. Security Considerations . . . . . . . . . . . . . . . . . . . .  9
   8. Reference Code. . . . . . . . . . . . . . . . . . . . . . . . . 10
   Appendix A: History of NomCom Member Selection . . . . . . . . . . 16
   Appendix B: Changes from RFC 2777. . . . . . . . . . . . . . . . . 16
   Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . . 17
        
   References . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
      Normative References. . . . . . . . . . . . . . . . . . . . . . 17
      Informative References. . . . . . . . . . . . . . . . . . . . . 17
   Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 18
   Full Copyright Statement . . . . . . . . . . . . . . . . . . . . . 19
        
   References . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
      Normative References. . . . . . . . . . . . . . . . . . . . . . 17
      Informative References. . . . . . . . . . . . . . . . . . . . . 17
   Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 18
   Full Copyright Statement . . . . . . . . . . . . . . . . . . . . . 19
        
1. Introduction
1. 介绍

Under the IETF rules, each year ten people are randomly selected from among eligible volunteers to be the voting members of the IETF nominations committee (NomCom). The NomCom nominates members of the Internet Engineering Steering Group (IESG) and the Internet Architecture Board (IAB) as described in [RFC 3777]. The number of eligible volunteers in recent years has been around 100.

根据IETF规则,每年从符合条件的志愿者中随机选出10人作为IETF提名委员会(NomCom)的投票成员。NomCom提名互联网工程指导小组(IESG)和互联网架构委员会(IAB)的成员,如[RFC 3777]所述。近年来,符合条件的志愿者人数约为100人。

It is highly desirable that the random selection of the voting NomCom be done in an unimpeachable fashion so that no reasonable charges of bias or favoritism can be brought. This is as much for the protection of the selection administrator (currently, the appointed non-voting NomCom chair) from suspicion of bias as it is for the protection of the IETF.

以无可指责的方式随机选择投票的NomCom是非常可取的,这样就不会对偏见或偏袒提出合理的指控。这不仅是为了保护IETF,也是为了保护遴选管理员(目前为指定的无投票权NomCom主席)免受偏见的怀疑。

A method such that public information will enable any person to verify the randomness of the selection meets this criterion. This document gives an example of such a method.

公开信息使任何人都能够验证选择的随机性是否符合该标准的方法。本文件给出了此类方法的示例。

The method, in the form it appears in RFC 2777, was also used by IANA in February 2003 to determine the ACE prefix for Internationalized Domain Names [RFC 3490] so as to avoid claim jumping.

IANA在2003年2月也采用了RFC 2777中所述的方法来确定国际化域名[RFC 3490]的ACE前缀,以避免索赔跳跃。

2. General Flow of a Publicly Verifiable Process
2. 可公开验证流程的一般流程

A selection of NomCom members publicly verifiable as unbiased or similar selection could follow the three steps given below.

可公开验证为无偏见或类似选择的NomCom成员选择可遵循以下三个步骤。

2.1. Determination of the Pool
2.1. 池的确定

First, determine the pool from which the selection is to be made as provided in [RFC 3777] or its successor.

首先,根据[RFC 3777]中的规定,确定要从中进行选择的池或其后续池。

Volunteers are solicited by the selection administrator. Their names are then passed through the IETF Secretariat to check eligibility. (Current eligibility criteria relate to IETF meeting attendance, records of which are maintained by the Secretariat.) The full list of eligible volunteers is made public early enough that a reasonable time can be given to resolve any disputes as to who should be in the pool.

志愿者由选拔管理员征集。然后,他们的名字将通过IETF秘书处检查资格。(目前的资格标准与IETF会议出席情况有关,其记录由秘书处保存。)合格志愿者的完整名单提前公布,以便有合理的时间来解决关于谁应加入该团队的任何争议。

2.2. Publication of the Algorithm
2.2. 算法的公布

The exact algorithm to be used, including the public future sources of randomness, is made public. For example, the members of the final list of eligible volunteers are ordered by publicly numbering them, some public future sources of randomness such as government run lotteries are specified, and an exact algorithm is specified whereby eligible volunteers are selected based on a strong hash function [RFC 1750] of these future sources of randomness.

将要使用的精确算法,包括未来公开的随机性来源,已公开。例如,通过公开编号对最终合格志愿者名单的成员进行排序,指定了一些未来的公共随机性来源,如政府经营的彩票,并指定了一个精确算法,通过该算法,根据强散列函数选择合格志愿者[RFC 1750]这些未来的随机性来源。

2.3. Publication of Selection
2.3. 出版选集

When the pre-specified sources of randomness produce their output, those values plus a summary of the execution of the algorithm for selection should be announced so that anyone can verify that the correct randomness source values were used and the algorithm properly executed. The algorithm can be run to select, in an ordered fashion, a larger number than are actually necessary so that if any of those selected need to be passed over or replaced for any reason, an ordered set of additional alternate selections will be available. A cut off time for any complaint that the algorithm was run with the wrong inputs or not faithfully executed must be specified to finalize the output and provide a stable selection.

当预先指定的随机性源产生其输出时,应宣布这些值加上选择算法执行的摘要,以便任何人都可以验证是否使用了正确的随机性源值以及算法是否正确执行。可以运行该算法,以有序的方式选择比实际需要的数量更大的数量,这样,如果出于任何原因需要传递或替换这些选择中的任何一个,则可以使用一组有序的附加备选选择。必须指定算法在错误输入下运行或未忠实执行的任何投诉的截止时间,以完成输出并提供稳定的选择。

3. Randomness
3. 随机性

The crux of the unbiased nature of the selection is that it is based in an exact, predetermined fashion on random information which will be revealed in the future and thus can not be known to the person specifying the algorithm. That random information will be used to control the selection. The random information must be such that it will be publicly and unambiguously revealed in a timely fashion.

选择的无偏性的关键在于,它以精确的、预定的方式基于随机信息,这些信息将在将来被揭示,因此指定算法的人无法知道。该随机信息将用于控制选择。随机信息必须及时公开、明确地披露。

The random sources must not include anything that any reasonable person would believe to be under the control or influence of the IETF or its components, such as IETF meeting attendance statistics, numbers of documents issued, or the like.

随机来源不得包括任何理性人士认为受IETF或其组成部分控制或影响的任何内容,如IETF会议出席统计、发布文件数量等。

3.1. Sources of Randomness
3.1. 随机性的来源

Examples of good information to use are winning lottery numbers for specified runnings of specified public lotteries. Particularly for government run lotteries, great care is taken to see that they occur on time and produce random quantities. Even in the unlikely case one were to have been rigged, it would almost certainly be in connection with winning money in the lottery, not in connection with IETF use.

可以使用的良好信息的例子是,在指定公共彩票的指定运行中赢得彩票号码。特别是对于政府经营的彩票,我们非常小心地确保它们按时发行并产生随机数量。即使在不太可能的情况下,一个被操纵,它几乎肯定与彩票中奖有关,而不是与IETF的使用有关。

Other possibilities are such things as the daily balance in the US Treasury on a specified day, the volume of trading on the New York Stock exchange on a specified day, etc. (However, the reference code given below will not handle integers that are too large.) Sporting events can also be used. (Experience has indicated that stock prices and/or volumes are a poor source of unambiguous data due trading suspensions, company mergers, delistings, splits, multiple markets, etc.) In all cases, great care must be taken to specify exactly what quantities are being presumed random and what will be done if their issuance is cancelled, delayed, or advanced.

其他可能性包括美国财政部在指定日期的每日余额、纽约证券交易所在指定日期的交易量等(但是,下面给出的参考代码不会处理太大的整数)。也可以使用体育赛事。(经验表明,由于交易暂停、公司合并、退市、拆分、多个市场等原因,股票价格和/或成交量是一个不明确的数据来源。)在所有情况下,必须非常小心地明确说明哪些数量被认为是随机的,以及如果其发行被取消、延迟,将采取什么措施,或先进。

It is important that the last source of randomness, chronologically, produce a substantial amount of the entropy needed. If most of the randomness has come from the earlier of the specified sources, and someone has even limited influence on the final source, they might do an exhaustive analysis and exert such influence so as to bias the selection in the direction they wanted. Thus it is best for the last source to be an especially strong and unbiased source of a large amount of randomness such as a government run lottery.

重要的是,随机性的最后一个来源,按时间顺序,产生所需的大量熵。如果大部分随机性来自于较早的指定来源,而某些人甚至对最终来源的影响有限,他们可能会进行详尽的分析并施加这种影响,从而使选择偏向他们想要的方向。因此,最好是最后一个来源是一个特别强大和无偏见的来源大量的随机性,如政府运行的彩票。

It is best not to use too many different sources. Every additional source increases the probability that one or more sources might be delayed, cancelled, or just plain screwed up somehow, calling into play contingency provisions or, worst of all, creating a situation that was not anticipated. This would either require arbitrary judgment by the selection administrator, defeating the randomness of the selection, or a re-run with a new set of sources, causing much delay. Three or four would be a good number of sources. Ten is too many.

最好不要使用太多不同的来源。每一个额外的来源都增加了一个或多个来源可能被延迟、取消或只是以某种方式搞砸的可能性,这需要动用应急准备,或者,最糟糕的是,造成了一种出乎意料的情况。这可能需要选择管理员进行任意判断,以消除选择的随机性,或者使用一组新的源重新运行,从而造成很大的延迟。三个或四个将是一个很好的来源数量。十个太多了。

3.2. Skew
3.2. 歪曲

Some of the sources of randomness produce data that is not uniformly distributed. This is certainly true of volumes, prices, and horse race results, for example. However, use of a strong mixing function [RFC 1750] will extract the available entropy and produce a hash value whose bits, remainder modulo a small divisor, etc., deviate from a uniform distribution only by an insignificant amount.

一些随机性来源产生的数据分布不均匀。例如,对于数量、价格和赛马结果来说,这无疑是正确的。然而,使用强混合函数[RFC 1750]将提取可用熵并产生散列值,其位、模小除数的余数等仅与均匀分布相差很小的量。

3.3. Entropy Needed
3.3. 所需熵

What we are doing is selecting N items without replacement from a population of P items. The number of different ways to do this is as follows, where "!" represents the factorial function:

我们正在做的是从P个项目的总体中选择N个项目而不进行替换。执行此操作的不同方法如下所示,其中“!”表示阶乘函数:

                            P!
                       -------------
                       N! * (P - N)!
        
                            P!
                       -------------
                       N! * (P - N)!
        

To do this in a completely random fashion requires as many random bits as the logarithm base 2 of that quantity. Some sample calculated approximate number of random bits for the completely random selection of 10 NomCom members from various pool sizes is given below:

要以完全随机的方式执行此操作,需要与该数量的对数基数2一样多的随机位。下面给出了从各种池大小中完全随机选择10个NomCom成员的一些样本计算出的近似随机位数:

Random Selection of Ten Items From Pool

从池中随机选择10项

Pool size 20 25 30 35 40 50 60 75 100 120 Bits needed 18 22 25 28 30 34 37 40 44 47

池大小20 25 30 35 40 50 60 75 100 120位需要18 22 25 28 30 34 37 40 44 47

Using an inadequate number of bits means that not all of the possible sets of ten selected items would be available. For a substantially inadequate amount of entropy, there could be a significant correlation between the selection of two different members of the pool, for example. However, as a practical matter, for pool sizes likely to be encountered in IETF NomCom membership selection, 40 bits of entropy should always be adequate. Even if there is a large pool and more bits are needed for perfect randomness, 40 bits of entropy will assure only an insignificant deviation from completely random selection for the difference in probability of selection of different pool members, the correlation between the selection of any pair of pool members, etc.

使用不足的位数意味着并非所有可能的十个选定项目集都可用。例如,对于熵的严重不足,在选择池中的两个不同成员之间可能存在显著的相关性。然而,作为一个实际问题,对于IETF NomCom成员选择中可能遇到的池大小,40位的熵应该总是足够的。即使有一个大的池并且需要更多的比特来实现完美的随机性,40比特的熵也只能保证与完全随机选择的微小偏差,因为不同池成员的选择概率不同,任何池成员对的选择之间的相关性等。

An MD5 [RFC 1321] hash has 128 bits and therefore can produce no more than that number of bits of entropy. However, this is more than three times what is likely to ever be needed for IETF NomCom membership selection. A even stronger hash, such as SHA-1 [RFC 3174], can be used if desired.

MD5[RFC1321]散列有128位,因此产生的熵位数不超过该位数。然而,这是IETF NomCom成员选择可能需要的三倍多。如果需要,可以使用更强大的散列,如SHA-1[RFC 3174]。

4. A Suggested Precise Algorithm
4. 一种建议的精确算法

It is important that a precise algorithm be given for mixing the random sources specified and making the selection based thereon. Sources suggested above produce either a single positive number (i.e., NY Stock Exchange volume in thousands of shares) or a small set of positive numbers (many lotteries provide 6 numbers in the range of 1 through 40 or the like, a sporting event could produce the scores of two teams, etc.). A suggested precise algorithm is as follows:

重要的是,必须给出一个精确的算法,用于混合指定的随机源,并在此基础上进行选择。上述资料来源要么产生一个正数(即纽约证券交易所成交量为数千股),要么产生一小部分正数(许多彩票提供6个介于1到40之间的数字或类似数字,一场体育赛事可能产生两支球队的分数等)。建议的精确算法如下所示:

1. For each source producing multiple numeric values, represent each as a decimal number terminated by a period (or with a period separating the whole from the fractional part), without leading zeroes (except for a single leading zero if the integer part is zero), and without trailing zeroes after the period.

1. 对于产生多个数值的每个源,将每个源表示为以句点终止的十进制数(或以句点分隔整部分和小数部分),不带前导零(如果整数部分为零,则不带单个前导零),并且在句点后不带尾随零。

2. Order the values from each source from smallest to the largest and concatenate them and suffix the result with a "/". For each source producing a single number, simply represent it as above with a suffix "/". (This sorting is necessary because the same lottery results, for example, are sometimes reported in the order numbers were drawn and sometimes in numeric order and such things as the scores of two sports teams that play a game has no inherent order.)

2. 将每个源中的值从最小值到最大值排序,并将它们连接起来,并在结果后面加上“/”后缀。对于产生单个数字的每个源,只需使用后缀“/”如上所述表示它。(例如,这种排序是必要的,因为相同的彩票结果有时以抽奖号码的顺序报告,有时以数字顺序报告,而两个运动队在一场比赛中的得分没有固有的顺序。)

3. At this point you have a string for each source, say s1/, s2/, ... Concatenate these strings in a pre-specified order, the order in which the sources were listed if not otherwise specified, and represent each character as its ASCII code [ASCII] producing "s1/s2/.../".

3. 此时,每个源都有一个字符串,比如s1/,s2/。。。以预先指定的顺序连接这些字符串,如果未另行指定,则按源的列出顺序,并将每个字符表示为其ASCII码[ASCII],生成“s1/s2/../”。

You then produce a sequence of random values derived from a strong mixing of these sources by calculating the MD5 hash [RFC 1321] of this string prefixed and suffixed with an all zeros two byte sequence for the first value, the string prefixed and suffixed by 0x0001 for the second value, etc., treating the two bytes as a big endian counter. Treat each of these derived "random" MD5 output values as a positive 128-bit multiprecision big endian integer.

然后,通过计算该字符串的MD5散列[RFC 1321],该字符串的前缀和后缀为第一个值的全零双字节序列,第二个值的前缀和后缀为0x0001,等等,生成从这些源的强混合中派生的随机值序列,并将这两个字节视为一个大端计数器。将每个派生的“随机”MD5输出值视为正128位多精度big-endian整数。

Then totally order the pool of listed volunteers as follows: If there are P volunteers, select the first by dividing the first derived random value by P and using the remainder plus one as the position of the selectee in the published list. Select the second by dividing the second derived random value by P-1 and using the remainder plus one as the position in the list with the first selected person eliminated. Etc.

然后按如下方式对列出的志愿者池进行总体排序:如果有P名志愿者,则通过将第一个衍生随机值除以P,并使用余数加1作为被选中者在已发布列表中的位置来选择第一名志愿者。通过将第二个导出的随机值除以P-1,并使用余数加上1作为列表中的位置来选择第二个,并将第一个选定的人员删除。等

It is STRONGLY recommended that alphanumeric random sources be avoided due to the much greater difficulty in canonicalizing them in an independently repeatable fashion; however, if you choose to ignore this advice and use an ASCII or similar Roman alphabet source or sources, all white space, punctuation, accents, and special characters should be removed and all letters set to upper case. This will leave only an unbroken sequence of letters A-Z and digits 0-9 which can be treated as a canonicalized number above and suffixed with a "./". If you choose to not just ignore but flagrantly flout this advice and try to use even more complex and harder to canonicalize internationalized text, such as UNICODE, you are on your own.

强烈建议避免使用字母数字随机源,因为以独立可重复的方式规范化这些随机源的难度要大得多;但是,如果您选择忽略此建议并使用ASCII或类似的罗马字母源,则应删除所有空格、标点符号、重音符号和特殊字符,并将所有字母设置为大写。这将只留下一个完整的字母A-Z和数字0-9序列,它们可以被视为上面的规范化数字,并以“/”作为后缀。如果您选择不只是忽略,而是公然蔑视这一建议,并尝试使用更复杂、更难规范化的国际化文本(如UNICODE),那么您就只能靠自己了。

5. Handling Real World Problems
5. 处理现实世界的问题

In the real world, problems can arise in following the steps and flow outlined in Sections 2 through 4 above. Some problems that have actually arisen are described below with recommendations for handling them.

在现实世界中,按照上面第2节到第4节中概述的步骤和流程可能会出现问题。下文介绍了实际出现的一些问题,并提出了处理这些问题的建议。

5.1. Uncertainty as to the Pool
5.1. 游泳池的不确定性

Every reasonable effort should be made to see that the published pool from which selection is made is of certain and eligible persons. However, especially with compressed schedules or perhaps someone whose claim that they volunteered and are eligible has not been resolved by the deadline, or a determination that someone is not eligible which occurs after the publication of the pool, it may be that there are still uncertainties.

应尽一切合理努力确保公布的人才库中有特定的合格人员进行选择。然而,特别是在时间紧迫的情况下,或者某些人声称他们自愿参加并符合条件,但在截止日期之前尚未解决,或者在公布人才库后确定某人不符合条件,这可能是因为仍然存在不确定性。

The best way to handle this is to maintain the announced schedule, INCLUDE in the published pool all those whose eligibility is uncertain and to keep the published pool list numbering IMMUTABLE after its publication. If someone in the pool is later selected by the algorithm and random input but it has been determined they are ineligible, they can be skipped and the algorithm run further to make an additional selection. Thus the uncertainty only effects one selection and in general no more than a maximum of U selections where there are U uncertain pool members.

处理这一问题的最佳方法是维持公布的时间表,将所有资格不确定的人纳入公布的人才库,并在公布后保持公布的人才库名单编号不变。如果池中的某个人后来被算法和随机输入选择,但已确定他们不合格,则可以跳过他们,并进一步运行算法以进行额外选择。因此,不确定性只影响一个选择,通常不超过U个不确定池成员的U个选择的最大值。

Other courses of action are far worse. Actual insertion or deletion of entries in the pool after its publication changes the length of the list and totally scrambles who is selected, possibly changing every selection. Insertion into the pool raises questions of where to insert: at the beginning, end, alphabetic order, ... Any such choices by the selection administrator after the random numbers are known destroys the public verifiability of fair choice. Even if done before the random numbers are known, such dinking with the list after its publication just smells bad. There should be clear fixed public deadlines and someone who challenges their absence from the pool after the published deadline should have their challenge automatically denied for tardiness.

其他行动方针则要糟糕得多。发布后在池中实际插入或删除条目会更改列表的长度,并完全扰乱所选对象,可能会更改每个选择。插入到池中会引起插入位置的问题:开始、结束、字母顺序。。。在随机数已知后,选择管理员的任何此类选择都会破坏公平选择的公开可验证性。即使在知道随机数之前就这样做了,这种在名单公布后用它来敲打也会让人难受。应该有明确的固定公共截止日期,如果有人在公布的截止日期后对其缺席提出质疑,则应自动拒绝其质疑。

5.2. Randomness Ambiguities
5.2. 随机性歧义

The best good faith efforts have been made to specify precise and unambiguous sources of randomness. These sources have been made public in advance and there has not been objection to them. However, it has happened that when the time comes to actually get and use this randomness, the real world has thrown a curve ball and it isn't quite clear what data to use. Problems have particularly arisen in

已尽最大努力确定随机性的精确和明确来源。这些消息来源已经提前公布,没有人反对。然而,当实际获取和使用这种随机性的时候,现实世界已经抛出了一个曲线球,并且不太清楚要使用什么数据。特别是在非洲出现了一些问题

connection with stock prices, volumes, and financial exchange rates or indices. If volumes that were published in thousands are published in hundreds, you have a rounding problem. Prices that were quoted in fractions or decimals can change to the other. If you take care of every contingency that has come up in the past, you can be hit with a new one. When this sort of thing happens, it is generally too late to announce new sources, an action which could raise suspicions of its own. About the only course of action is to make a reasonable choice within the ambiguity and depend on confidence in the good faith of the selection administrator. With care, such cases should be extremely rare.

与股票价格、交易量和金融汇率或指数的联系。如果以千为单位发布的卷以数百为单位发布,则存在舍入问题。以分数或小数报价的价格可以更改为其他价格。如果你处理好过去发生的每一件意外事件,你可能会遇到新的意外事件。当这类事情发生时,宣布新的消息来源通常为时已晚,这一行动本身可能引起怀疑。关于唯一的行动方针是在模棱两可的情况下做出合理的选择,并依赖于对选择管理员诚信的信心。小心,这种情况应该非常罕见。

Based on these experiences, it is again recommended that public lottery numbers or the like be used as the random inputs and stock prices and volumes avoided.

根据这些经验,再次建议使用公共彩票号码或类似号码作为随机输入,并避免股票价格和数量。

6. Fully Worked Example
6. 充分发挥作用的例子

Assume the following ordered list of 25 eligible volunteers is published in advance of selection:

假设在选择之前公布了以下25名合格志愿者的有序名单:

1. John 11. Pollyanna 21. Pride 2. Mary 12. Pendragon 22. Sloth 3. Bashful 13. Pandora 23. Envy 4. Dopey 14. Faith 24. Anger 5. Sleepy 15. Hope 25. Kasczynski 6. Grouchy 16. Charity 7. Doc 17. Lee 8. Sneazy 18. Longsuffering 9. Handsome 19. Chastity 10. Cassandra 20. Smith

1.约翰11岁。波利亚娜21。骄傲2。玛丽12岁。彭德拉贡22号。懒惰3。害羞的13。潘多拉23。嫉妒4。愚蠢的14。信仰24。愤怒5。困倦的15岁。希望25。卡钦斯基6。脾气暴躁的16岁。慈善7。文件17。李8。斯内兹18。长时间忍耐9。漂亮的19岁。贞操10。卡桑德拉20。史密斯

Assume the following (fake example) ordered list of randomness sources: 1. The Kingdom of Alphaland State Lottery daily number for 1 November 2004 treated as a single four digit integer. 2. Numbers of the winning horses at Hialeia for all races for the first day on or after 13 October 2004 on which at least two races are run. 3. The People's Democratic Republic of Betastani State Lottery six winning numbers (ignoring the seventh "extra" number) for 1 November 2004.

假设以下(假示例)随机性源的有序列表:1。2004年11月1日阿尔法兰王国国家彩票每日号码被视为一个四位数整数。2.2004年10月13日当天或之后第一天在Hialeia举行的所有比赛中获胜的马的数量,其中至少有两场比赛。3.2004年11月1日,人民民主共和国贝塔斯坦尼州彩票共有六个中奖号码(忽略第七个“额外”号码)。

Hypothetical randomness publicly produced: Source 1: 9319 Source 2: 2, 5, 12, 8, 10 Source 3: 9, 18, 26, 34, 41, 45

公开产生的假设随机性:来源1:9319来源2:2,5,12,8,10来源3:9,18,26,34,41,45

Resulting key string:

结果键字符串:

       9319./2.5.8.10.12./9.18.26.34.41.45./
        
       9319./2.5.8.10.12./9.18.26.34.41.45./
        

The table below gives the hex of the MD5 of the above key string bracketed with a two byte string that is successively 0x0000, 0x0001, 0x0002, through 0x0010 (16 decimal). The divisor for the number size of the remaining pool at each stage is given and the index of the selectee as per the original number of those in the pool.

下表给出了上述键字符串MD5的十六进制,该键字符串用两字节字符串括起来,依次为0x0000、0x0001、0x0002到0x0010(16位小数)。给出了每个阶段剩余池数大小的除数,并根据池中剩余池数的原始数给出了被选择者的索引。

   index        hex value of MD5        div  selected
    1  990DD0A5692A029A98B5E01AA28F3459  25  -> 17 <-
    2  3691E55CB63FCC37914430B2F70B5EC6  24  ->  7 <-
    3  FE814EDF564C190AC1D25753979990FA  23  ->  2 <-
    4  1863CCACEB568C31D7DDBDF1D4E91387  22  -> 16 <-
    5  F4AB33DF4889F0AF29C513905BE1D758  21  -> 25 <-
    6  13EAEB529F61ACFB9A29D0BA3A60DE4A  20  -> 23 <-
    7  992DB77C382CA2BDB9727001F3CDCCD9  19  ->  8 <-
    8  63AB4258ECA922976811C7F55C383CE7  18  -> 24 <-
    9  DFBC5AC97CED01B3A6E348E3CC63F40D  17  -> 19 <-
   10  31CB111C4A4EBE9287CEAE16FE51B909  16  -> 13 <-
   11  07FA46C122F164C215BBC72793B189A3  15  -> 22 <-
   12  AC52F8D75CCBE2E61AFEB3387637D501  14  ->  5 <-
   13  53306F73E14FC0B2FBF434218D25948E  13  -> 18 <-
   14  B5D1403501A81F9A47318BE7893B347C  12  ->  9 <-
   15  85B10B356AA06663EF1B1B407765100A  11  ->  1 <-
   16  3269E6CE559ABD57E2BA6AAB495EB9BD  10  ->  4 <-
        
   index        hex value of MD5        div  selected
    1  990DD0A5692A029A98B5E01AA28F3459  25  -> 17 <-
    2  3691E55CB63FCC37914430B2F70B5EC6  24  ->  7 <-
    3  FE814EDF564C190AC1D25753979990FA  23  ->  2 <-
    4  1863CCACEB568C31D7DDBDF1D4E91387  22  -> 16 <-
    5  F4AB33DF4889F0AF29C513905BE1D758  21  -> 25 <-
    6  13EAEB529F61ACFB9A29D0BA3A60DE4A  20  -> 23 <-
    7  992DB77C382CA2BDB9727001F3CDCCD9  19  ->  8 <-
    8  63AB4258ECA922976811C7F55C383CE7  18  -> 24 <-
    9  DFBC5AC97CED01B3A6E348E3CC63F40D  17  -> 19 <-
   10  31CB111C4A4EBE9287CEAE16FE51B909  16  -> 13 <-
   11  07FA46C122F164C215BBC72793B189A3  15  -> 22 <-
   12  AC52F8D75CCBE2E61AFEB3387637D501  14  ->  5 <-
   13  53306F73E14FC0B2FBF434218D25948E  13  -> 18 <-
   14  B5D1403501A81F9A47318BE7893B347C  12  ->  9 <-
   15  85B10B356AA06663EF1B1B407765100A  11  ->  1 <-
   16  3269E6CE559ABD57E2BA6AAB495EB9BD  10  ->  4 <-
        

Resulting first ten selected, in order selected:

结果前十个选择,按选择顺序:

1. Lee (17) 6. Envy (23) 2. Doc (7) 7. Sneazy (8) 3. Mary (2) 8. Anger (24) 4. Charity (16) 9. Chastity (19) 5. Kasczynski (25) 10. Pandora (13)

1. 李(17)6。嫉妒(23)2。文件(7)7。斯内兹(8)3。玛丽(2)8。愤怒(24)4。慈善(16)9。贞操(19)5。卡钦斯基(25)10。潘多拉(13)

Should one of the above turn out to be ineligible or decline to serve, the next would be Sloth, number 22.

如果以上其中一个被证明没有资格或拒绝服务,下一个将是懒惰,第22号。

7. Security Considerations
7. 安全考虑

Careful choice of should be made of randomness inputs so that there is no reasonable suspicion that they are under the control of the administrator. Guidelines given above to use a small number of inputs with a substantial amount of entropy from the last should be followed. And equal care needs to be given that the algorithm selected is faithfully executed with the designated inputs values.

应仔细选择随机性输入,以便没有理由怀疑它们受管理员控制。应遵循上面给出的指南,即使用少量输入,并从最后一个输入中获得大量熵。同样需要注意的是,所选择的算法是用指定的输入值忠实地执行的。

Publication of the results and a week or so window for the community of interest to duplicate the calculations should give a reasonable assurance against implementation tampering.

结果的公布和利益共同体复制计算的一周左右的时间窗口应能合理保证不被实施篡改。

8. Reference Code
8. 参考代码

This code makes use of the MD5 reference code from [RFC 1321] ("RSA Data Security, Inc. MD5 Message-Digest Algorithm"). The portion of the code dealing with multiple floating point numbers was written by Matt Crawford. The original code in RFC 2777 could only handle pools of up to 255 members and was extended to 2**16-1 by Erik Nordmark. This code has been extracted from this document, compiled, and tested. While no flaws have been found, it is possible that when used with some compiler on some system some flaw will manifest itself.

此代码使用了[RFC 1321](“RSA Data Security,Inc.MD5消息摘要算法”)中的MD5参考代码。处理多个浮点数的代码部分由Matt Crawford编写。RFC2777中的原始代码只能处理多达255个成员的池,并由Erik Nordmark扩展为2**16-1。此代码已从该文档中提取、编译和测试。虽然没有发现任何缺陷,但当在某些系统上与某些编译器一起使用时,某些缺陷可能会显现出来。

   /****************************************************************
     *
     *  Reference code for
     *      "Publicly Verifiable Random Selection"
     *          Donald E. Eastlake 3rd
     *              February 2004
     *
     ****************************************************************/
    #include <limits.h>
    #include <math.h>
    #include <stdio.h>
    #include <stdlib.h>
    #include <string.h>
        
   /****************************************************************
     *
     *  Reference code for
     *      "Publicly Verifiable Random Selection"
     *          Donald E. Eastlake 3rd
     *              February 2004
     *
     ****************************************************************/
    #include <limits.h>
    #include <math.h>
    #include <stdio.h>
    #include <stdlib.h>
    #include <string.h>
        
    /* From RFC 1321 */
    #include "global.h"
    #include "MD5.h"
        
    /* From RFC 1321 */
    #include "global.h"
    #include "MD5.h"
        
    /* local prototypes */
    int longremainder ( unsigned short divisor,
                        unsigned char dividend[16] );
    long int getinteger ( char *string );
    double NPentropy ( int N, int P );
        
    /* local prototypes */
    int longremainder ( unsigned short divisor,
                        unsigned char dividend[16] );
    long int getinteger ( char *string );
    double NPentropy ( int N, int P );
        
    /* limited to up to 16 inputs of up to sixteen integers each */
    /* pool limit of 2**8-1 extended to 2**16-1 by Erik Nordmark */
    /****************************************************************/
        
    /* limited to up to 16 inputs of up to sixteen integers each */
    /* pool limit of 2**8-1 extended to 2**16-1 by Erik Nordmark */
    /****************************************************************/
        
    main ()
    {
    int         i, j,  k, k2, err, keysize, selection, usel;
        
    main ()
    {
    int         i, j,  k, k2, err, keysize, selection, usel;
        
    unsigned short   remaining, *selected;
    long int    pool, temp, array[16];
    MD5_CTX     ctx;
    char        buffer[257], key [800], sarray[16][256];
    unsigned char    uc16[16], unch1, unch2;
        
    unsigned short   remaining, *selected;
    long int    pool, temp, array[16];
    MD5_CTX     ctx;
    char        buffer[257], key [800], sarray[16][256];
    unsigned char    uc16[16], unch1, unch2;
        
    pool = getinteger ( "Type size of pool:\n" );
    if ( pool > 65535 )
        
    pool = getinteger ( "Type size of pool:\n" );
    if ( pool > 65535 )
        
        {
        printf ( "Pool too big.\n" );
        exit ( 1 );
        }
    selected = (unsigned short *) malloc ( (size_t)pool );
    if ( !selected )
        {
        printf ( "Out of memory.\n" );
        exit ( 1 );
        }
    selection = getinteger ( "Type number of items to be selected:\n" );
    if ( selection > pool )
        {
        printf ( "Pool too small.\n" );
        exit ( 1 );
        }
    if ( selection == pool )
        printf ( "All of the pool is selected.\n" );
    else
        {
        err = printf ( "Approximately %.1f bits of entropy needed.\n",
                        NPentropy ( selection, pool ) + 0.1 );
        if ( err <= 0 ) exit ( 1 );
        }
    for ( i = 0, keysize = 0; i < 16; ++i )
        {
        if ( keysize > 500 )
            {
            printf ( "Too much input.\n" );
            exit ( 1 );
            }
        /* get the "random" inputs. echo back to user so the user may
           be able to tell if truncation or other glitches occur.  */
        err = printf (
            "\nType #%d randomness or 'end' followed by new line.\n"
            "Up to 16 integers or the word 'float' followed by up\n"
            "to 16 x.y format reals.\n", i+1 );
        if ( err <= 0 ) exit ( 1 );
        gets ( buffer );
        
        {
        printf ( "Pool too big.\n" );
        exit ( 1 );
        }
    selected = (unsigned short *) malloc ( (size_t)pool );
    if ( !selected )
        {
        printf ( "Out of memory.\n" );
        exit ( 1 );
        }
    selection = getinteger ( "Type number of items to be selected:\n" );
    if ( selection > pool )
        {
        printf ( "Pool too small.\n" );
        exit ( 1 );
        }
    if ( selection == pool )
        printf ( "All of the pool is selected.\n" );
    else
        {
        err = printf ( "Approximately %.1f bits of entropy needed.\n",
                        NPentropy ( selection, pool ) + 0.1 );
        if ( err <= 0 ) exit ( 1 );
        }
    for ( i = 0, keysize = 0; i < 16; ++i )
        {
        if ( keysize > 500 )
            {
            printf ( "Too much input.\n" );
            exit ( 1 );
            }
        /* get the "random" inputs. echo back to user so the user may
           be able to tell if truncation or other glitches occur.  */
        err = printf (
            "\nType #%d randomness or 'end' followed by new line.\n"
            "Up to 16 integers or the word 'float' followed by up\n"
            "to 16 x.y format reals.\n", i+1 );
        if ( err <= 0 ) exit ( 1 );
        gets ( buffer );
        
        j = sscanf ( buffer,
                "%ld%ld%ld%ld%ld%ld%ld%ld%ld%ld%ld%ld%ld%ld%ld%ld",
            &array[0], &array[1], &array[2], &array[3],
            &array[4], &array[5], &array[6], &array[7],
            &array[8], &array[9], &array[10], &array[11],
            &array[12], &array[13], &array[14], &array[15] );
        if ( j == EOF )
            exit ( j );
        if ( !j )
            if ( buffer[0] == 'e' )
                break;
        
        j = sscanf ( buffer,
                "%ld%ld%ld%ld%ld%ld%ld%ld%ld%ld%ld%ld%ld%ld%ld%ld",
            &array[0], &array[1], &array[2], &array[3],
            &array[4], &array[5], &array[6], &array[7],
            &array[8], &array[9], &array[10], &array[11],
            &array[12], &array[13], &array[14], &array[15] );
        if ( j == EOF )
            exit ( j );
        if ( !j )
            if ( buffer[0] == 'e' )
                break;
        
            else
                {   /* floating point code by Matt Crawford */
                j = sscanf ( buffer,
                    "float %ld.%[0-9]%ld.%[0-9]%ld.%[0-9]%ld.%[0-9]"
                    "%ld.%[0-9]%ld.%[0-9]%ld.%[0-9]%ld.%[0-9]"
                    "%ld.%[0-9]%ld.%[0-9]%ld.%[0-9]%ld.%[0-9]"
                    "%ld.%[0-9]%ld.%[0-9]%ld.%[0-9]%ld.%[0-9]",
                    &array[0], sarray[0], &array[1], sarray[1],
                    &array[2], sarray[2], &array[3], sarray[3],
                    &array[4], sarray[4], &array[5], sarray[5],
                    &array[6], sarray[6], &array[7], sarray[7],
                    &array[8], sarray[8], &array[9], sarray[9],
                    &array[10], sarray[10], &array[11], sarray[11],
                    &array[12], sarray[12], &array[13], sarray[13],
                    &array[14], sarray[14], &array[15], sarray[15] );
                if ( j == 0 || j & 1 )
                    printf ( "Bad format." );
                else {
                     for ( k = 0, j /= 2; k < j; k++ )
                     {
                           /* strip trailing zeros */
                     for ( k2=strlen(sarray[k]); sarray[k][--k2]=='0';)
                           sarray[k][k2] = '\0';
                     err = printf ( "%ld.%s\n", array[k], sarray[k] );
                     if ( err <= 0 ) exit ( 1 );
                     keysize += sprintf ( &key[keysize], "%ld.%s",
                                          array[k], sarray[k] );
                     }
                     keysize += sprintf ( &key[keysize], "/" );
                     }
                }
        else
            {   /* sort values, not a very efficient algorithm */
            for ( k2 = 0; k2 < j - 1; ++k2 )
                for ( k = 0; k < j - 1; ++k )
                    if ( array[k] > array[k+1] )
        
            else
                {   /* floating point code by Matt Crawford */
                j = sscanf ( buffer,
                    "float %ld.%[0-9]%ld.%[0-9]%ld.%[0-9]%ld.%[0-9]"
                    "%ld.%[0-9]%ld.%[0-9]%ld.%[0-9]%ld.%[0-9]"
                    "%ld.%[0-9]%ld.%[0-9]%ld.%[0-9]%ld.%[0-9]"
                    "%ld.%[0-9]%ld.%[0-9]%ld.%[0-9]%ld.%[0-9]",
                    &array[0], sarray[0], &array[1], sarray[1],
                    &array[2], sarray[2], &array[3], sarray[3],
                    &array[4], sarray[4], &array[5], sarray[5],
                    &array[6], sarray[6], &array[7], sarray[7],
                    &array[8], sarray[8], &array[9], sarray[9],
                    &array[10], sarray[10], &array[11], sarray[11],
                    &array[12], sarray[12], &array[13], sarray[13],
                    &array[14], sarray[14], &array[15], sarray[15] );
                if ( j == 0 || j & 1 )
                    printf ( "Bad format." );
                else {
                     for ( k = 0, j /= 2; k < j; k++ )
                     {
                           /* strip trailing zeros */
                     for ( k2=strlen(sarray[k]); sarray[k][--k2]=='0';)
                           sarray[k][k2] = '\0';
                     err = printf ( "%ld.%s\n", array[k], sarray[k] );
                     if ( err <= 0 ) exit ( 1 );
                     keysize += sprintf ( &key[keysize], "%ld.%s",
                                          array[k], sarray[k] );
                     }
                     keysize += sprintf ( &key[keysize], "/" );
                     }
                }
        else
            {   /* sort values, not a very efficient algorithm */
            for ( k2 = 0; k2 < j - 1; ++k2 )
                for ( k = 0; k < j - 1; ++k )
                    if ( array[k] > array[k+1] )
        
                        {
                        temp = array[k];
                        array[k] = array[k+1];
                        array[k+1] = temp;
                        }
            for ( k = 0; k < j; ++k )
                { /* print for user check */
                err = printf ( "%ld ", array[k] );
                if ( err <= 0 ) exit ( 1 );
                keysize += sprintf ( &key[keysize], "%ld.", array[k] );
                }
            keysize += sprintf ( &key[keysize], "/" );
            }
        }   /* end for i */
        
                        {
                        temp = array[k];
                        array[k] = array[k+1];
                        array[k+1] = temp;
                        }
            for ( k = 0; k < j; ++k )
                { /* print for user check */
                err = printf ( "%ld ", array[k] );
                if ( err <= 0 ) exit ( 1 );
                keysize += sprintf ( &key[keysize], "%ld.", array[k] );
                }
            keysize += sprintf ( &key[keysize], "/" );
            }
        }   /* end for i */
        
    /* have obtained all the input, now produce the output */
    err = printf ( "Key is:\n %s\n", key );
    if ( err <= 0 ) exit ( 1 );
    for ( i = 0; i < pool; ++i )
        selected [i] = (unsigned short)(i + 1);
    printf ( "index        hex value of MD5        div  selected\n" );
    for (   usel = 0, remaining = (unsigned short)pool;
            usel < selection;
            ++usel, --remaining )
        {
        unch1 = (unsigned char)usel;
        unch2 = (unsigned char)(usel>>8);
        /* prefix/suffix extended to 2 bytes by Donald Eastlake */
        MD5Init ( &ctx );
        MD5Update ( &ctx, &unch2, 1 );
        MD5Update ( &ctx, &unch1, 1 );
        MD5Update ( &ctx, (unsigned char *)key, keysize );
        MD5Update ( &ctx, &unch2, 1 );
        MD5Update ( &ctx, &unch1, 1 );
        MD5Final ( uc16, &ctx );
        k = longremainder ( remaining, uc16 );
    /* printf ( "Remaining = %d, remainder = %d.\n", remaining, k ); */
        for ( j = 0; j < pool; ++j )
            if ( selected[j] )
                if ( --k < 0 )
                    {
                    printf ( "%2d  "
    "%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X  "
    "%2d  -> %2d <-\n",
    usel+1, uc16[0],uc16[1],uc16[2],uc16[3],uc16[4],uc16[5],uc16[6],
    uc16[7],uc16[8],uc16[9],uc16[10],uc16[11],uc16[12],uc16[13],
    uc16[14],uc16[15], remaining, selected[j] );
                    selected[j] = 0;
        
    /* have obtained all the input, now produce the output */
    err = printf ( "Key is:\n %s\n", key );
    if ( err <= 0 ) exit ( 1 );
    for ( i = 0; i < pool; ++i )
        selected [i] = (unsigned short)(i + 1);
    printf ( "index        hex value of MD5        div  selected\n" );
    for (   usel = 0, remaining = (unsigned short)pool;
            usel < selection;
            ++usel, --remaining )
        {
        unch1 = (unsigned char)usel;
        unch2 = (unsigned char)(usel>>8);
        /* prefix/suffix extended to 2 bytes by Donald Eastlake */
        MD5Init ( &ctx );
        MD5Update ( &ctx, &unch2, 1 );
        MD5Update ( &ctx, &unch1, 1 );
        MD5Update ( &ctx, (unsigned char *)key, keysize );
        MD5Update ( &ctx, &unch2, 1 );
        MD5Update ( &ctx, &unch1, 1 );
        MD5Final ( uc16, &ctx );
        k = longremainder ( remaining, uc16 );
    /* printf ( "Remaining = %d, remainder = %d.\n", remaining, k ); */
        for ( j = 0; j < pool; ++j )
            if ( selected[j] )
                if ( --k < 0 )
                    {
                    printf ( "%2d  "
    "%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X  "
    "%2d  -> %2d <-\n",
    usel+1, uc16[0],uc16[1],uc16[2],uc16[3],uc16[4],uc16[5],uc16[6],
    uc16[7],uc16[8],uc16[9],uc16[10],uc16[11],uc16[12],uc16[13],
    uc16[14],uc16[15], remaining, selected[j] );
                    selected[j] = 0;
        
                    break;
                    }
        }
     printf ( "\nDone, type any character to exit.\n" );
     getchar ();
     return 0;
     }
        
                    break;
                    }
        }
     printf ( "\nDone, type any character to exit.\n" );
     getchar ();
     return 0;
     }
        
     /* prompt for a positive non-zero integer input */
     /****************************************************************/
     long int getinteger ( char *string )
     {
     long int     i;
     int          j;
     char    tin[257];
        
     /* prompt for a positive non-zero integer input */
     /****************************************************************/
     long int getinteger ( char *string )
     {
     long int     i;
     int          j;
     char    tin[257];
        
     while ( 1 )
     {
     printf ( string );
     printf ( "(or 'exit' to exit) " );
     gets ( tin );
     j = sscanf ( tin, "%ld", &i );
     if (    ( j == EOF )
        
     while ( 1 )
     {
     printf ( string );
     printf ( "(or 'exit' to exit) " );
     gets ( tin );
     j = sscanf ( tin, "%ld", &i );
     if (    ( j == EOF )
        
         ||  ( !j && ( ( tin[0] == 'e' ) || ( tin[0] == 'E' ) ) )
             )
         exit ( j );
     if ( ( j == 1 ) &&
          ( i > 0 ) )
         return i;
     }   /* end while */
     }
        
         ||  ( !j && ( ( tin[0] == 'e' ) || ( tin[0] == 'E' ) ) )
             )
         exit ( j );
     if ( ( j == 1 ) &&
          ( i > 0 ) )
         return i;
     }   /* end while */
     }
        
     /* get remainder of dividing a 16 byte unsigned int
        by a small positive number */
     /****************************************************************/
     int longremainder ( unsigned short divisor,
                         unsigned char dividend[16] )
     {
     int i;
     long int kruft;
        
     /* get remainder of dividing a 16 byte unsigned int
        by a small positive number */
     /****************************************************************/
     int longremainder ( unsigned short divisor,
                         unsigned char dividend[16] )
     {
     int i;
     long int kruft;
        
     if ( !divisor )
         return -1;
     for ( i = 0, kruft = 0; i < 16; ++i )
         {
         kruft = ( kruft << 8 ) + dividend[i];
         kruft %= divisor;
        
     if ( !divisor )
         return -1;
     for ( i = 0, kruft = 0; i < 16; ++i )
         {
         kruft = ( kruft << 8 ) + dividend[i];
         kruft %= divisor;
        
         }
     return kruft;
     }   /* end longremainder */
        
         }
     return kruft;
     }   /* end longremainder */
        
    /* calculate how many bits of entropy it takes to select N from P */
    /****************************************************************/
    /*             P!
      log  ( ----------------- )
         2    N! * ( P - N )!
    */
        
    /* calculate how many bits of entropy it takes to select N from P */
    /****************************************************************/
    /*             P!
      log  ( ----------------- )
         2    N! * ( P - N )!
    */
        
    double NPentropy ( int N, int P )
    {
    int         i;
    double      result = 0.0;
        
    double NPentropy ( int N, int P )
    {
    int         i;
    double      result = 0.0;
        
    if (    ( N < 1 )   /* not selecting anything? */
       ||   ( N >= P )  /* selecting all of pool or more? */
       )
        return 0.0;     /* degenerate case */
    for ( i = P; i > ( P - N ); --i )
        result += log ( i );
    for ( i = N; i > 1; --i )
        result -= log ( i );
    /* divide by [ log (base e) of 2 ] to convert to bits */
    result /= 0.69315;
        
    if (    ( N < 1 )   /* not selecting anything? */
       ||   ( N >= P )  /* selecting all of pool or more? */
       )
        return 0.0;     /* degenerate case */
    for ( i = P; i > ( P - N ); --i )
        result += log ( i );
    for ( i = N; i > 1; --i )
        result -= log ( i );
    /* divide by [ log (base e) of 2 ] to convert to bits */
    result /= 0.69315;
        
    return result;
    }   /* end NPentropy */
        
    return result;
    }   /* end NPentropy */
        

Appendix A: History of NomCom Member Selection

附录A:NomCom成员选择的历史

For reference purposes, here is a list of the IETF Nominations Committee member selection techniques and chairs so far:

以下是迄今为止IETF提名委员会成员选择技巧和主席的列表,仅供参考:

YEAR CHAIR SELECTION METHOD

年主席选择方法

1993/1994 Jeff Case Clergy 1994/1995 Fred Baker Clergy 1995/1996 Guy Almes Clergy 1996/1997 Geoff Huston Spouse 1997/1998 Mike St.Johns Algorithm 1998/1999 Donald Eastlake 3rd RFC 2777 1999/2000 Avri Doria RFC 2777 2000/2001 Bernard Aboba RFC 2777 2001/2002 Theodore Ts'o RFC 2777 2002/2003 Phil Roberts RFC 2777 2003/2004 Rich Draves RFC 2777

1993/1994 Jeff Case神职人员1994/1995 Fred Baker神职人员1995/1996 Guy Almes神职人员1996/1997 Geoff Huston配偶1997/1998 Mike St.Johns算法1998/1999 Donald Eastlake 3rd RFC 2777 1999/2000 Avri Doria RFC 2777 2000/2001 Bernard Aboba RFC 2777 2001/2002 Theodore Ts'o RFC 2777 2002/2003 Phil Roberts RFC 2777 2003/2004 Rich Draves RFC 2777

Clergy = Names were written on pieces of paper, placed in a receptacle, and a member of the clergy picked the NomCom members.

神职人员=姓名写在纸片上,放在一个容器中,神职人员挑选NomCom成员。

Spouse = Same as Clergy except chair's spouse made the selection.

配偶=与神职人员相同,但主席的配偶做出选择。

Algorithm = Algorithmic selection based on similar concepts to those documented in RFC 2777 and herein.

算法=基于RFC 2777和本文中记录的类似概念的算法选择。

RFC 2777 = Algorithmic selection using the algorithm and reference code provided in RFC 2777 (but not the fake example sources of randomness).

RFC 2777=使用RFC 2777中提供的算法和参考代码进行算法选择(但不是随机性的假示例源)。

Appendix B: Changes from RFC 2777

附录B:RFC 2777的变更

This document differs from [RFC 2777], the previous version, in three primary ways as follows:

本文件与[RFC 2777]之前的版本在以下三个主要方面有所不同:

(1) Section 5, on problems actually encountered with using these recommendations for selecting an IETF NomCom and on how to handle them, has been added.

(1) 第5节,关于使用这些建议选择IETF NomCom时实际遇到的问题以及如何处理这些问题,已经添加。

(2) The selection algorithm code has been modified to handle pools of up to 2**16-1 elements and the counter based prefix and suffix concatenated with the key string before hashing has been extended to two bytes.

(2) 选择算法代码经过修改,可以处理多达2**16-1个元素的池,基于计数器的前缀和后缀在散列扩展到两个字节之前与键字符串连接。

(3) Mention has been added that the algorithm documented herein was used by IANA to select the Internationalized Domain Name ACE prefix and some minor wording changes made.

(3) 还提到,IANA使用本文中记录的算法来选择国际化域名ACE前缀,并对一些措辞进行了细微更改。

(4) References have been divided into Informative and Normative.

(4) 参考文献分为信息性参考文献和规范性参考文献。

(5) The list in Appendix A has been brought up to date.

(5) 附录A中的列表已更新。

Acknowledgements

致谢

Matt Crawford and Erik Nordmark made major contributions to this document. Comments by Bernard Aboba, Theodore Ts'o, Jim Galvin, Steve Bellovin, and others have been incorporated.

马特·克劳福德和埃里克·诺德马克对本文件做出了重大贡献。伯纳德·阿博巴、西奥多·曹、吉姆·加尔文、史蒂夫·贝洛文和其他人的评论已被纳入。

References

工具书类

Normative References

规范性引用文件

[ASCII] "USA Standard Code for Information Interchange", X3.4, American National Standards Institute: New York, 1968.

[ASCII]“美国信息交换标准代码”,X3.4,美国国家标准协会:纽约,1968年。

[RFC 1321] Rivest, R., "The MD5 Message-Digest Algorithm", RFC 1321, April 1992.

[RFC 1321]Rivest,R.,“MD5消息摘要算法”,RFC 1321,1992年4月。

[RFC 1750] Eastlake, 3rd, D., Crocker, S. and J. Schiller, "Randomness Recommendations for Security", RFC 1750, December 1994.

[RFC 1750]伊斯特莱克,第三,D.,克罗克,S.和J.席勒,“安全的随机性建议”,RFC 1750,1994年12月。

[RFC 3174] Eastlake, 3rd, D. and P. Jones, "US Secure Hash Algorithm 1 (SHA1)", RFC 3174, September 2001.

[RFC 3174]Eastlake,3rd,D.和P.Jones,“美国安全哈希算法1(SHA1)”,RFC 3174,2001年9月。

Informative References

资料性引用

[RFC 3777] Galvin, J., "IAB and IESG Selection, Confirmation, and Recall Process: Operation of the Nominating and Recall Committees", BCP 10, RFC 3777, April 2004.

[RFC 3777]Galvin,J.,“IAB和IESG的选择、确认和召回过程:提名和召回委员会的运作”,BCP 10,RFC 3777,2004年4月。

[RFC 2777] Eastlake, 3rd, D., "Publicly Verifiable Nomcom Random Selection", RFC 2777, February 2000.

[RFC 2777]伊斯特莱克,第三届,D.,“可公开验证的Nomcom随机选择”,RFC 2777,2000年2月。

[RFC 3490] Falstrom, P., Hoffman, P. and A. Costello, "Internationalizing Domain Names in Applications (IDNA)", RFC 3490, March 2003.

[RFC 3490]Falstrom,P.,Hoffman,P.和A.Costello,“应用程序中的域名国际化(IDNA)”,RFC 3490,2003年3月。

Author's Address

作者地址

Donald E. Eastlake, 3rd Motorola Laboratories 155 Beaver Street Milford, MA 01757 USA

Donald E.Eastlake,第三摩托罗拉实验室美国马萨诸塞州米尔福德海狸街155号01757

   Phone: +1-508-786-7554(w)
          +1-508-634-2066(h)
   EMail: Donald.Eastlake@motorola.com
        
   Phone: +1-508-786-7554(w)
          +1-508-634-2066(h)
   EMail: Donald.Eastlake@motorola.com
        

Full Copyright Statement

完整版权声明

Copyright (C) The Internet Society (2004). This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights.

版权所有(C)互联网协会(2004年)。本文件受BCP 78中包含的权利、许可和限制的约束,除其中规定外,作者保留其所有权利。

This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

本文件及其包含的信息是按“原样”提供的,贡献者、他/她所代表或赞助的组织(如有)、互联网协会和互联网工程任务组不承担任何明示或暗示的担保,包括但不限于任何保证,即使用本文中的信息不会侵犯任何权利,或对适销性或特定用途适用性的任何默示保证。

Intellectual Property

知识产权

The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79.

IETF对可能声称与本文件所述技术的实施或使用有关的任何知识产权或其他权利的有效性或范围,或此类权利下的任何许可可能或可能不可用的程度,不采取任何立场;它也不表示它已作出任何独立努力来确定任何此类权利。有关RFC文件中权利的程序信息,请参见BCP 78和BCP 79。

Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr.

向IETF秘书处披露的知识产权副本和任何许可证保证,或本规范实施者或用户试图获得使用此类专有权利的一般许可证或许可的结果,可从IETF在线知识产权存储库获取,网址为http://www.ietf.org/ipr.

The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at ietf-ipr@ietf.org.

IETF邀请任何相关方提请其注意任何版权、专利或专利申请,或其他可能涵盖实施本标准所需技术的专有权利。请将信息发送至IETF的IETF-ipr@ietf.org.

Acknowledgement

确认

Funding for the RFC Editor function is currently provided by the Internet Society.

RFC编辑功能的资金目前由互联网协会提供。