16:47:27 <sarang> Weekly meeting begins here at 17:00 UTC (about 15 minutes from now)
16:59:18 <sarang> OK, let's get started with our meeting!
16:59:26 <sarang> Agenda: https://github.com/monero-project/meta/issues/498
16:59:28 <sarang> First, GREETINGS
16:59:30 <sarang> hello
16:59:36 <ArticMine> Hi
16:59:37 <moneromooo> GREETINGS
17:00:21 <sarang> Are midipoet and/or Isthmus here?
17:00:30 <midipoet> yep
17:00:38 <midipoet> thanks for the ping. was making tea
17:00:43 <sarang> great
17:00:50 <sarang> Let's move right to ROUNDTABLE then
17:00:56 <sarang> midipoet: you had posted in the agenda something to discuss
17:01:32 <midipoet> i did
17:01:59 <midipoet> https://github.com/monero-project/meta/issues/498#issuecomment-672216054
17:02:14 <midipoet> i am not sure if people had managed to read/digest
17:02:44 <midipoet> am happy to provide context/answer questions about this
17:02:51 <sarang> The gist is that you (midipoet) have been working with an ISO technical group regarding privacy and PII in blockchain applications
17:03:04 <midipoet> yes, that and some other WGs
17:03:08 <sarang> and that I (sarang) have been providing some feedback on the working draft of a document for this
17:03:36 <sarang> Fortunately these comments have halted the process for the document and allowed for a return to a comment period
17:03:45 <sarang> However, you had suggested that I join the process formally
17:04:00 <sarang> Unfortunately, my country's representation requires a steep annual fee to join (grrrrr)
17:04:31 <sarang> I had questioned whether or not this should be considered a good value for the community and ecosystem
17:04:37 <sgp_> Hello
17:04:39 <sarang> hi
17:05:19 <midipoet> "halted is not technically correct. As far as i know the document stands, with request for amendments/corrections/addendums. there is a 4 week process for this (of which 2 have passed)
17:05:25 <sarang> The comment period for this document is only a couple of additional weeks, but I've provided midipoet with a detailed list of recommended changes
17:05:33 <sarang> ok thanks midipoet
17:06:10 <sarang> Isthmus mentioned in a subsequent comment to the agenda issue that his organization may be interested in sponsoring this fee
17:06:13 <sgp_> The membership agreement includes a possible fee waiver so I will help Sarang try that first
17:06:22 <sarang> but I have not spoken with Isthmus directly about this option
17:06:50 <sarang> Anyway, I am willing and interested to join the group and continue to provide technical feedback, but I do not like the steep pay-to-play nature of the U.S.'s involvement
17:07:00 <midipoet> sgp_: great idea. for the record, the convener John Greaves is well versed in open source, and as far as i know works for Consensys Health (for better or worse)
17:07:00 <ArticMine> So if I understand correctly is the  fee the only barrier?
17:07:12 <sarang> Yes
17:07:17 <sarang> and the fairly short timeline, I suppose
17:07:46 <sarang> But again, I already have prepared a detailed list of recommended changes to correct many technical errors
17:07:52 <midipoet> also, bear in mind it seems to be a yearly fee. however, there is potential to get a reduced rate down to ~$1370 or even ~$400
17:07:58 <sgp_> The fee will not be a problem and you should join, though I will still try to get it waived
17:08:38 <sarang> Note that I'm sure my affiliation would not be listed as "Monero" or anything like that, since I don't "work for" Monero
17:09:16 <midipoet> i think you just go under the national delegation (ie US - ITIC)
17:09:29 <midipoet> that's how it is done for the most, afaict
17:09:46 <sarang> I mean only that the decision of whether or not to support this idea should not be made on the assumption that the name "Monero" gets to appear in standards-related materials
17:09:52 <sarang> because it almost certainly will not
17:10:03 <midipoet> i don't even think the authors get names
17:10:05 <midipoet> *named
17:10:06 <sarang> and I don't intend to favor Monero or any project in my partipation
17:10:11 <sarang> *participation
17:10:22 <midipoet> it's really about ensuring the actual docs are as correct as we would like
17:10:25 <sgp_> Then what are we paying you for /s
17:10:26 <sarang> right
17:10:30 <sarang> sigh
17:10:44 <midipoet> and also about ensuring the perspectives of open source/decentralised/permissionless networks are catered for
17:10:52 <sarang> My goal is to ensure technical correctness, a goal which I don't think was met by the initial draft that I saw
17:10:54 <ArticMine> ^ this is key
17:11:00 <midipoet> as for the most part, in these groups, they are not (though they are respected)
17:11:41 <sarang> So how do folks think we should proceed?
17:12:15 <sgp_> Definitely join, though ask first to waive fee
17:12:38 <sarang> It seems the fee structure assumes members are part of large rich companies
17:12:47 <ArticMine> either waive or raise the fee
17:12:58 <ArticMine> or a combination of both
17:13:10 <midipoet> i vote join, especially given the time, as there will be some intro/admin/setup to do on the side of ITIC. sarang will also have to learn the ISO IT system - which is HORRIBLE
17:13:17 <sarang> o_0
17:13:47 <sarang> midipoet: do you think there will be adequate time to properly raise my concerns and suggestions before the comment timeline has elapsed?
17:13:52 <sarang> I had _many_ suggestions
17:14:09 <ArticMine> <sarang> It seems the fee structure assumes members are part of large rich companies <--- Which is why the technical balance sarang will bring is so important
17:14:17 <sarang> ArticMine: I agree
17:14:28 <midipoet> sarang: yes - but you will have to tone it down to a few key ones.
17:14:34 <sarang> That will be tough
17:14:41 <sarang> I thought the document was severely lacking
17:14:53 <midipoet> otherwise the WG wont have time to find consensus
17:14:57 <midipoet> and that is more important
17:15:14 <sarang> If they add "cryptographic constructions and protocols are different" then I will be happy
17:15:19 <sarang> and if they properly define Pedersen commitments...
17:15:24 <midipoet> no, i get it
17:15:35 <midipoet> the urgency is in there, not here
17:16:44 <sarang> The risk with raising the fee is that I'd have to join now and pay out of pocket, and hope that such a CCS is accepted and funded, or otherwise sponsored by a group like Isthmus's company
17:16:57 <sarang> (note that any such company would specifically _not_ have any say over how I participate)
17:17:48 <sarang> I do not think the CCS process should be adjusted for this particular case
17:19:08 <midipoet> would you mind rolling it into the next three CCSs? to distribute the cost over the course of the year membership?
17:19:31 <midipoet> you would obviously have to absorb the direct cost immediately though...
17:20:23 <sarang> I think it best to have a separate CCS, to make it very clear what the intent and purpose and cost are
17:20:39 <sarang> The group claim that they do not prorate fees, and the membership period ends in November
17:21:01 <sarang> It also appears like there is a separate mandatory fee of something like $300 on top of the $2200 (which is itself lowered for "small organizations")
17:21:08 <Isthmus> Hey, driving through mountains, have internet for about 30 seconds every 5 minutes, lol.
17:21:08 <Isthmus> Here was my comment: "I'm cool with sponsoring some or all of the ITIC membership. It's pretty standard for tech employers to set aside funds for personal professional/career development as part of a competitive benefits package. A privacy/Monero-savvy voice in ITIC is also likely to be beneficial for the wider community as well, so it seems like a win-win to me."
17:21:08 <Isthmus> To clarify, I cannot offer Insight's benefit package to sarang. I was commenting that since sarang is employed by Monero, covering something like this would be in line with industry best practices.
17:21:13 <sarang> So the cost is likely around $2500 maximum (all USD)
17:21:36 <sarang> Isthmus: was I misinterpreting the nature of an Insight sponsorship?
17:21:42 <sarang> Perhaps I misread
17:21:53 <Isthmus> I didn't say anything about Insight
17:21:57 <Isthmus> Sorry :- (
17:21:59 <sarang> OK, then I definitely misread
17:22:04 <sarang> Ignore everything I said earlier about Insight!
17:22:16 <sarang> Also, I am not employed "by Monero" to be clear
17:22:26 <Isthmus> yea yea you know what I mean
17:22:53 <sarang> I read "I'm cool with sponsoring" as implying Insight, which was obviously not correct
17:22:58 <sarang> Apologies for the confusion
17:23:17 <sgp_> I think we are all cool with this and are now talking in circles lol
17:23:26 <ArticMine> Yes
17:23:29 <sarang> OK, I'll join out of pocket, look into a fee reduction or waiver, and propose a CCS for the remainder
17:23:47 <sarang> and hope for the best :D
17:24:00 <midipoet> i would be a bit wary of relying on the creation and fulfilment of a CCS before joining. that seems like it may take a week (min) in itself
17:24:26 <midipoet> i understand why sarang does not want to pay out of pocket however
17:24:28 <sarang> Yes, I mean join out of pocket and _then_ propose the CCS, to avoid missing the timeline for comment
17:24:28 <Isthmus> +1 to sgp/sarang/artic
17:24:47 <sarang> The CCS process takes time, and should not be rushed for this
17:24:50 <midipoet> sarang: ah understood. yes, then i agree.
17:25:04 <sarang> OK thanks midipoet for your involvement in this standards process
17:25:12 <sarang> This is the time to get involved!
17:25:14 <sarang> Moving on
17:25:24 <sarang> Isthmus: you had posted some material to the agenda
17:26:13 <sarang> Care to discuss now?
17:27:30 <sarang> Namely, Isthmus referenced this CCS update: https://repo.getmonero.org/monero-project/ccs-proposals/-/merge_requests/142#note_10181
17:28:25 <sarang> I think this is fascinating, and commented that I might recommend more clearly labeling the risk assessments to make it _exceptionally_ clear what is vulnerable _today_ versus what would be vulnerable given a hypothetical future quantum adversary
17:28:46 <sarang> on the assumption that graphs, charts, plots, etc. will be shared out of context and could be misinterpreted, either accidentally or intentionally
17:29:15 <sgp_> agreed with your comment sarang
17:29:52 <sarang> e.g. the light-red category (labeled 1) could easily be misinterpreted as meaning "vulnerable today" when it's not the case
17:30:17 <sgp_> the scale also seems weird; is 6 the highest protection or is 4?
17:30:38 <midipoet> i know the answer to this one. 6 is higher than 4
17:31:48 <sarang> It appears that Isthmus may be away right now, but that chart is full of interesting information
17:31:56 <sarang> I really look forward to the full repots
17:32:00 <sarang> s/repots/reports
17:32:00 <monerobux> sarang meant to say: I really look forward to the full reports
17:32:03 <sarang> goot bot
17:33:29 <sarang> I've been working on Triptych/Arcturus optimizations, BP+, some detailed lit review relating to interesting hash-based attacks, some MRL-0010 analysis relevant to the recent swap proposal
17:33:44 <sarang> Nothing quite as succinct as Isthmus's chart =p
17:33:55 <sarang> Does anyone else have research of interest to share with the channel?
17:34:11 <ArticMine> Yes
17:34:16 <sarang> Please go ahead!
17:34:31 <ArticMine> I have a short update on issue 70 https://github.com/monero-project/research-lab/issues/70
17:34:33 <sarang> (Note that I will have to duck out of the meeting at 17:40 UTC for an appointment, so please continue/conclude without me if needed)
17:35:58 <ArticMine> I reviewed the comments and there is a likely change making the longterm median a floor for the short term median
17:36:21 <ArticMine> I am looking at the spam risk implications of this first
17:36:28 <ArticMine> that is all
17:36:50 <sarang> OK thanks ArticMine!
17:36:59 <sarang> Does anyone else wish to share anything of interest?
17:39:15 <sarang> If not, I suppose we can go ahead and adjourn early; discussion can of course continue, but logs posted to the agenda will end here
17:39:19 <sarang> Thanks to everyone for joining!
17:39:29 <kinghat[m]> how is surae doing?
17:50:37 <Isthmus> If you’re getting these messages, I’ve hit a spot of reception, w00t!
17:50:38 <Isthmus> Please remember that our research is strictly focused on how Monero’s mechanisms are impacted by known *algorithms* and has nothing to do with the timeline for quantum computers.
17:50:38 <Isthmus> A cell value of “1” simply means that {{column title}} could impact the current mechanism for {{row name}}.
17:50:38 <Isthmus> Also, don’t think too hard about the chart - it’s not a public deliverable, just a progress tracker for purpose of CCS milestone.
17:50:38 <Isthmus> Writing up the explanations for each cell takes a lot of time/pages, and is what we are currently working on :- )
17:50:38 <Isthmus> Also, the color scale is not linear, so 4 and 6 are not orderable.
17:50:38 <Isthmus> I should have used letters, not numbers (which imply a scale), so I’ll take the blame & shame on this one. Sorry to be accidentally misleading
17:51:13 <sgp_> kinghat[m]: refer to https://twitter.com/BGGoodell
17:51:48 <sgp_> Isthmus: all good, it;s an awesome draft haha
17:53:37 <kinghat[m]> i guess alive if good 👍️
17:53:37 <kinghat[m]> is*
17:57:12 <Shor> hey ya'll, I'm Isthmus partner
17:57:22 <Shor> for the pq-monero project
17:57:49 * moneromooo understands now why Isthmus is so interested in quantum stuff
17:58:36 <Shor> I have internet and can answer any brief questions ya'll might have on it
17:59:27 <sarang> Why's that moneromooo
17:59:33 <sgp_> Shor: thanks for being here!
17:59:50 <moneromooo> sarang: < Shor> hey ya'll, I'm Isthmus partner
18:00:10 <moneromooo> sarang:   ^^^^
18:00:31 * moneromooo flees
18:06:56 <UkoeHB_> lmao
18:20:18 <sarang> Isthmus: got it, but individual charts/plots _will_ be shared without context
18:40:29 * sarang goes to wade through ISO committee documentation