Re: [Cfrg] Response to the request to remove CFRG co-chair

Watson Ladd <> Fri, 10 January 2014 16:33 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id C830C1AE10C; Fri, 10 Jan 2014 08:33:16 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=unavailable
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id fsiN_aKpwWLe; Fri, 10 Jan 2014 08:33:14 -0800 (PST)
Received: from ( [IPv6:2a00:1450:400c:c03::232]) by (Postfix) with ESMTP id 880AD1AE11A; Fri, 10 Jan 2014 08:33:11 -0800 (PST)
Received: by with SMTP id t60so4333921wes.9 for <multiple recipients>; Fri, 10 Jan 2014 08:33:01 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=hf7E7bN14TMNHTXXONAy7THGKLwfpi5sFu0OkvWaeyE=; b=GMJMEwoOMnJ8ogHMER8q7RJAT/gY6K1j8fvhpeor/wN/JNYThgSGug4NGW8rRIBI8D q69mLT+Msi3FSrzjOwepH/qbqEnfViNANdDiESE7BJz/YQWC5C8A+W9Zy5izoOE5Lhjw 1NvGYeEN/Ye0fxVywSvLdy1f+hxmXeeG2n7D3BR3OSEs5eXqgXDOy7nY6H+gd4arOWVN kehfPAlMZLgodzy+2nKhiEGuOYrygUmg/Eef2VslVva2bsvBnqXudYcU4TwvLDQO7EPV giNGpmQjGQHxri9ix/mkjgiCTeeKXbOTsxOaTvVb/QcVxfZ1HE1lAVLvNOgujrkVwa4b HXPw==
MIME-Version: 1.0
X-Received: by with SMTP id by2mr9073751wjc.59.1389371581079; Fri, 10 Jan 2014 08:33:01 -0800 (PST)
Received: by with HTTP; Fri, 10 Jan 2014 08:33:00 -0800 (PST)
In-Reply-To: <>
References: <> <> <> <> <> <> <> <> <> <> <>
Date: Fri, 10 Jan 2014 08:33:00 -0800
Message-ID: <>
From: Watson Ladd <>
To: Stephen Farrell <>
Content-Type: text/plain; charset="UTF-8"
Cc: Adam Back <>, "" <>, David McGrew <>, "" <>, Trevor Perrin <>, IAB IAB <>
Subject: Re: [Cfrg] Response to the request to remove CFRG co-chair
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 10 Jan 2014 16:33:17 -0000

On Fri, Jan 10, 2014 at 8:18 AM, Stephen Farrell
<> wrote:
> Trevor,
> Some responses below but I honestly think this exchange has
> otherwise run its course.
> On 01/10/2014 03:35 AM, Trevor Perrin wrote:
>> It's time
>> for our leadership to summon their courage and take a stand.
> Taking a stand sounds lovely, but ineffective. I prefer that
> we try to improve the Internet and harden it against pervasive
> monitoring. If you think the IETF hasn't been working on that
> then perhaps you need to pay more attention, for example, I
> didn't notice any comment from you on the IETF LC for [1], nor
> on the perpass list [2] since October, nor on the UTA list [3]
> nor have I seen a submission from you for the upcoming IAB/W3C
> workshop [4] on this topic that'll happen before IETF-89 (but
> you do still have time for that last so why not shoot one in:-).
>    [1]
>    [2]
>    [3]
>    [4]

And this has made mass surveillance harder how?
This has had about as much effect as the CRYPTO '13 rump session.
In fact, one summary of perpass is that it is entirely taking a stand.
I've only seen one proposal (point to point encryption of optical
lines) come out
that would make life tricker for the NSA, and that one has been kicked to

> Its entirely reasonable that you do none of the above and just
> focus on e.g. CFRG or TLS but its neither reasonable nor helpful
> to ignore everything else that's going on *and* make grandiose,
> calls for "taking a stand" such as the above.
>> I do think Kevin's removal should be a rebuke to the NSA.
> I think that would be an inappropriate action. IMO neither the
> IRTF nor IETF are the business of "rebuking" NSA or anyone else.
> Its fine that you disagree.

And draft-farrell-perpass-attack isn't a rebuke?

>>> Once you start to recognise affiliation in the way that is implied
>>> in the last part of your request, then you need processes that
>>> deal with the organisations and not the individuals and that very
>>> quickly tends to turn into a discussion about membership which
>>> then also quickly turns into one about paid membership and voting.
>>> You can believe me on this or not, but do bear in mind its far too
>>> boring an argument to want to deal with all the ins and outs;-)
>> In what way have I "implied" recognizing affiliation, beyond common
>> sense?  What new processes would we need to "deal with organizations"?
>> Please explain.  This is a major objection that's been raised to the
>> request.  You can't just handwave that we need to believe you, or that
>> it's too "boring" to get into.
>> If this is a serious objection it needs to be explained seriously.
> As I've said before, I do not believe Kevin's actions warrant
> replacing him as chair and therefore the only basis left on which
> he would be fired is purely his affiliation. Doing so would mean
> recognising participant affiliation in a new and quite damaging
> way. Again, its fine that you don't agree.

It's the combination of the actions and affiliations. Imagine Dragonfly
had more than just a certificational flaw, and the TLS WG accepted the
CFRG response. Would you still considert hat an innocent mistake?

Kevin has also carried water for Certicom to shed doubt on Montgomery curves,
reiterating baseless summaries of IPR disclosures. This has happened more
recently, but deserves consideration.

> Were the IRTF or IETF to do that for chairing in an automatic
> manner (e.g. "no NSA personnel are acceptable as chair") then
> to be consistent and fair we would have to start doing that
> for other cases too, e.g. when considering last calls, which
> leads quickly to voting, and membership. If you want an example
> of how that would go, please see e.g. the giant thread that
> starts at [5] and the even bigger discussion in the rtcweb
> working group. Or spend a bit of time reading the archives
> of IPR list [6] and you'll see how most kinds of increased
> recognition of affiliation lead towards membership. (And when
> you're done, then tell me its not boring:-)

This argument starts off by saying that last calls are like being a chair.
And that isn't true. The chair has a lot more power than anyone in a last
call. I feel as though the argument for keeping Kevin has taken the arguments
against in the weakest possible form, rather than the strongest.

>   [5]
>   [6]
> What is done now is that we trust other individuals to handle
> such matters, we do stuff openly allowing anyone who turns up
> on the list to have their say, we have appeal processes, and (in
> the IETF) recall and nomcom processes for leadership. In this
> case the IRTF chair handled your request, with a result with
> which I agreed and you disagreed, and the IAB will handle your
> appeal of that I guess, and I think that's the right thing
> to happen.
> S.
> _______________________________________________
> Cfrg mailing list

"Those who would give up Essential Liberty to purchase a little
Temporary Safety deserve neither  Liberty nor Safety."
-- Benjamin Franklin