[Cryptech Core] Budget, accounts payable, and NGI Trust project

Joachim Strömbergson joachim at assured.se
Tue Feb 25 20:34:21 UTC 2020


On 2020-02-25 16:19, kodonog at pobox.com wrote:
> Coming from the business side of the house, I would defer to the desires
> of the developer team. I think this sounds reasonable. We do need to be
> sure that we understand the resources that will be required to meet the
> NGI grant deliverables and prioritize those going forward. And, we need
> to be realistic/conservative.

Exactly, this is the crucial thing.

In the NGI_trust application we stipulated what we wanted to do, and the
order to do them. What we wanted to do is very high level. We broke down
the high level goals in a meeting (Peter Stuge did a good job driving
that goal breakdown). If we look at the application we have:

NGI Deadlines
* Deadline January 2020. Updated KiCAD board design.

* Deadline March: Version 2.0 of the Cryptech board design

* Deadline April: Manufacturing test run of new boards

* Deadline June: New cores. SW etc for V2 board validation

* Deadline August: Final SW for V2 board

The activities for the deadline in January seems to have been met. Pavel
is to verify that the generated gerbers matches the old design generated
by Altium. With the difference being the minor fixes that has been done.

I'm worried about the next deadline.

The big problem money wise I see is that we are supposed to complete the
updated design and prepare to do a manufacturing run. In the NGI_Trust
application, the updated ModExp cores are part of the work to be done
for the deadline in June. So we have basically moved a lot of that work
package to before the preceeding deadlines. If we had the money this
would not be a problem. But I'm worried we will not be able to do the
manufacturing run.

And I (and Assured) will be the one responsible for trying to explain
this to NGI_trust. We can of course motivate the new cores that they
make the old board better too. But right now we have deviated from the
plan we stated in the application and received the funding for.


> On 24 Feb 2020, at 23:31, Pavel Shatov wrote:
>> On 20.02.2020 1:14, Rob Austein wrote:
>>> I'm writing on behalf of the "Cryptech Board" created as part of
>>> moving the project home to NLnet/Commons Conservancy.  In spite of the
>>> name, the board has no real authority to make decisions, we're really
>>> more of a liaison group to NLnet.  Real decision making still rests
>>> with the core team.  Hence this note.
>>> As some of you are all too aware, there have been some hold-ups
>>> paying Cryptech developers for current work.  The reason for this is
>>> simple: we're down to a fairly small pot of money, almost all of which
>>> has strings attached.
>>> Current status: we have a current balance of just under 77,000 EUR,
>>> 70,000 of which is the initial block of NGI grant money (the pot with
>>> strings attached).  We currently owe Pavel about 21,000 EUR, and Paul
>>> about 9,000 EUR, all for work done since the start of the NGI project
>>> and submitted for payment.  That leaves about 47,000 EUR to get the
>>> rest of the NGI project done.
>>> Assuming we tick all the boxes from the project plan, our work is
>>> approved as meeting what we said we'd do at the end, and we raise
>>> enough money from other sources to satisfy the matching requirements,
>>> we get about another 100,000 from NGI in September.  Not a sure thing.
>>> We think that all the work Pavel has been doing qualifies under the
>>> NGI deliverables (faster ModExp was on the plan).  The driver and
>>> performance test work Paul has been doing should also qualify, same
>>> reasoning.  The one bit of current work we're not sure about is the
>>> stuff Paul did to support storing wrapped keys outside the HSM: this
>>> is not listed explicitly in the "new SW core functionality" section of
>>> the etherpad notes from November, but easily could have been, given
>>> that it was the one missing feature ARIN said would have been a
>>> showstopper for them, back when they were evaluating us for their
>>> current HSM purchase round.  We're inclined to say it qualifies.
>>> Given the size of the pot, the board is hereby proposing that, for the
>>> duration of the NGI project or until we (somehow) obtain adequate
>>> funding from other sources, we do the following:
>>> 1. Pay the amounts currently owed.  Yes they're large compared to the
>>>     total size of the current pot, but the work was done in good faith
>>>     with the expectation of being paid, expecting developers to accept
>>>     a retroactive rule change does not seem fair or reasonable.
>>> 2. Effective immediately, we switch to a model where the remaining
>>>     funding is split up equally among the project goals, with the
>>>     understanding that if, by some miracle, achieving one of the goals
>>>     does not take that goal's full share, the remainder gets thrown
>>>     back into the pot to be shared among the other goals.  This seems
>>>     the least unfair way to allocate limited funding.  It's not great,
>>>     it just sucks less than the alternatives.  If and when we get
>>>     sufficient other funding, we can go back to the old rules.
>>>     "Effective immediately" in the previous paragraph refers to work
>>>     done after today.  Given that there is active work in progress, we
>>>     will almost certainly owe a bit more than the sums above already
>>>     owed to Paul and Pavel (mostly past due at this point, ouch).
>>> 3. 7,000 of the current 47,000 presumably comes from non-NGI sources.
>>>     In an ideal world, we'd spend that covering any outstanding
>>>     requests for payment from before the NGI project started, eg
>>>     anything left unpaid from work Pavel did on ModExpNG over the
>>>     summer.  Further, we would argue that Pavel has first call on such
>>>     funding, because that was what the core team agreed a year ago when
>>>     it became obvious that we were going to be going through a dry
>>>     period: core discussed work in progress and concluded that ModExpNG
>>>     was the most critical project in progress, and therefore should get
>>>     what funding we could find.
>>>     All that said, at this point 7,000 is a significant portion of what
>>>     we have left, so we would understand if core feels that we can't
>>>     spare it at this time.  Nevertheless, the board's recommendation is
>>>     that we earmark this 7,000 towards paying down whatever we still
>>>     owe Pavel for the period before the NGI project started.
>>> So now it's up to core to decide whether to adopt the above plan or
>>> not.  This has been dragging on for much too long, so there's some
>>> urgency.  In the interest of resolving this, silence will be construed
>>> as agreement with the above plan.
>>> -- Your Friendly Neighborhood Cryptech Board (Leif, Stephen, and Rob)
>>> _______________________________________________
>>> Core mailing list
>>> Core at cryptech.is
>>> https://lists.cryptech.is/listinfo/core
>> I wonder what the appropriate timeout for waiting for objections would
>> be?
>> -- 
>> With best regards,
>> Pavel Shatov
>> _______________________________________________
>> Core mailing list
>> Core at cryptech.is
>> https://lists.cryptech.is/listinfo/core
> _______________________________________________
> Core mailing list
> Core at cryptech.is
> https://lists.cryptech.is/listinfo/core

Med vänlig hälsning, Yours

Joachim Strömbergson
                               Assured AB

More information about the Core mailing list