Re: [Cfrg] Time to recharter CFRG as a working group? Was: Re: [secdir] ISE seeks help with some crypto drafts

"Blumenthal, Uri - 0553 - MITLL" <> Wed, 13 March 2019 01:45 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 7A2B3127887; Tue, 12 Mar 2019 18:45:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -4.196
X-Spam-Status: No, score=-4.196 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, MIME_QP_LONG_LINE=0.001, RCVD_IN_DNSWL_MED=-2.3, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id iAMJnG-Lxnli; Tue, 12 Mar 2019 18:45:12 -0700 (PDT)
Received: from (LLMX3.LL.MIT.EDU []) by (Postfix) with ESMTP id 8E07312705F; Tue, 12 Mar 2019 18:45:12 -0700 (PDT)
Received: from ( by (unknown) with ESMTP id x2D1jA6P037349; Tue, 12 Mar 2019 21:45:10 -0400
From: "Blumenthal, Uri - 0553 - MITLL" <>
To: denis bider <>, Michael StJohns <>
CC: secdir <>, CFRG <>, "RFC ISE (Adrian Farrel)" <>
Thread-Topic: [Cfrg] Time to recharter CFRG as a working group? Was: Re: [secdir] ISE seeks help with some crypto drafts
Thread-Index: AQHU15MRh5fmrRoU9kWbbFEvG0YyAKYFyJ4AgAB9cQCAAlh9AIAAHb0AgABSFgD//79BAA==
Date: Wed, 13 Mar 2019 01:45:09 +0000
Message-ID: <>
References: <> <> <> <> <> <> <> <> <> <> <> <> <> <> <>
In-Reply-To: <>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
user-agent: Microsoft-MacOutlook/
x-originating-ip: []
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha256; boundary="B_3635271908_534907953"
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:, , definitions=2019-03-13_01:, , signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=0 malwarescore=0 phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1810050000 definitions=main-1903130010
Archived-At: <>
Subject: Re: [Cfrg] Time to recharter CFRG as a working group? Was: Re: [secdir] ISE seeks help with some crypto drafts
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Crypto Forum Research Group <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 13 Mar 2019 01:45:16 -0000

Again, I respectfully disagree. 


I see the charters of IETF WG and of IRTF RG different enough, with different goals, different milestones and measurements of success, so that molding one into the other IMHO would be counterproductive and won’t make sense (I’ve been with IETF since 1992, and co-chaired an RG group for a couple of years – so I think I have at least some practical appreciation for the differences).


Feel free to create another group – say, Crypto WG in IETF, draft a charter for it, and see where people would prefer to participate. Let one of the two wither, and the other one prosper. 😉





From: Cfrg <> on behalf of denis bider <>
Date: Tuesday, March 12, 201911 at 21:38
To: Michael StJohns <>
Cc: secdir <>rg>, CFRG <>rg>, "RFC ISE (Adrian Farrel)" <>
Subject: Re: [Cfrg] Time to recharter CFRG as a working group? Was: Re: [secdir] ISE seeks help with some crypto drafts


For what it's worth, I think the counterpoint to "don't fix it if it isn't broken" is "it's going to have to break before it's fixed".


It is not generally advisable to wait with fixing bridges until they're actually broken, for example.


I think Michael is raising a legitimate issue and intuitively, it sounds like the proper answer might be a dual charter as WG + RG. Perhaps this is unusual, but it is an unusual group. I think it would be appropriate for this group.





On Tue, Mar 12, 2019 at 3:43 PM Michael StJohns <> wrote:

On 3/12/2019 2:56 PM, Richard Barnes wrote:

Big +1 here.  It's not broke, so let's not fix it, especially for purely process-wonk reasons.

Except its not quite just for process-wonk reasons.  The last couple of discussions have been about the IPR related to OCB and whether the CFRG should work on it because of that.   That's a perfectly fine set of discussions for a standards WG especially when considering which modes to include under recommended and mandatory to implement, but is probably out of place for an RG.     The RG ought to be answering the question "does this proposal have security flaws" and not "has the patent expired on this" but we seem to be getting far past the "discussing and analyzing" part of the CFRG charter?
Our goal is to provide a forum for discussing and analyzing general
cryptographic aspects of security protocols, and to offer guidance on the use
of emerging mechanisms and new uses of existing mechanisms.

I'd really like the CFRG to continue to be a place where anything cryptographic can be brought to be evaluated on its merits - but that - IMHO - doesn't seem to be the recent trend.

I note that the CFRG has already published RFC7253 on OCB and the IETF published an RFC on MD5 many many years ago, so unless there are new security flaws in this set of documents, the answer to the ISE should be a no brainer of "we don't see any problems with the publication".    And at some point the patents *will* expire even if its not the 1-2 years that one poster suggested.

In any event, I'm not going to push for this at this time, but I'm still confused about what would have to change if the charter were turned into a WG charter.

Later, Mike



On Mon, Mar 11, 2019 at 3:08 AM John Mattsson <> wrote:

I think it is much more important that CFRG stays a Research Group, than it is that CFRG can produce standards track documents. CFRG is unique and fills a very important roll. The fact that CFRG documents are used so much indicates to me that CFRG is working very well. I would be very hesitant in changing something that works.






Cfrg mailing list