IETF Logo Mail Archive

Re: [Cfrg] NSA sabotaging crypto standards

Watson Ladd <watsonbladd@gmail.com> Thu, 06 February 2014 17:00 UTC

Return-Path: <watsonbladd@gmail.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A6F581A013C for <cfrg@ietfa.amsl.com>; Thu, 6 Feb 2014 09:00:47 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id M42jOQU5Y3OL for <cfrg@ietfa.amsl.com>; Thu, 6 Feb 2014 09:00:46 -0800 (PST)
Received: from mail-we0-x231.google.com (mail-we0-x231.google.com [IPv6:2a00:1450:400c:c03::231]) by ietfa.amsl.com (Postfix) with ESMTP id 167261A00F4 for <cfrg@irtf.org>; Thu, 6 Feb 2014 09:00:45 -0800 (PST)
Received: by mail-we0-f177.google.com with SMTP id t61so1486313wes.22 for <cfrg@irtf.org>; Thu, 06 Feb 2014 09:00:44 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=7Z71CQDbryWkKH4VL7UWFGPGDkt6ZEM+VzpVgprP4Ek=; b=vWUMjISiw2WBOpkqJhwnZg1E/4IRJSzmphkXJ761fZR471yQnZJnJvs8df4c1JHiqL Ys7Draa8cMqTjOLnwvYR4EbvyCTcseHuaIKodddvfIOghw9diqP/9OhJvKU53U19olb6 NNdYXmuu9yQY+09RqS5e9GAgNBOSK9P7RqLy8lbQN+tVSFQGC2e/ZCuf+sl4cBf7Mdq0 zsgP4ffWgbrunX384daJsWPw7K8WkH1GB275JnGr0O6Sp4Qw5JfhiYoFpmR4mSkCaRbg bgzmYAB7W1gqlCio3n4W7CvM51db/kj5WSuabZvoQu2PEHKt+Mkop7XwL7PoVbLjEK4o GekA==
MIME-Version: 1.0
X-Received: by 10.180.149.206 with SMTP id uc14mr263159wib.44.1391706044241; Thu, 06 Feb 2014 09:00:44 -0800 (PST)
Received: by 10.194.250.101 with HTTP; Thu, 6 Feb 2014 09:00:44 -0800 (PST)
In-Reply-To: <570B8BE5-1362-4D08-A22D-FE86FC4A77DC@netapp.com>
References: <20140203192451.6268.76511.idtracker@ietfa.amsl.com> <7af2f9df96e5867d493c614806235363.squirrel@www.trepanning.net> <CACsn0cm1f-P95je5AbEbZ02Ut3+HM7Hx28P6j46TqE-=06eZDg@mail.gmail.com> <52F00EF3.3040505@cisco.com> <CACsn0c=zS5GKex3eF_hKgTsL1kH=TiBi3iAP9oMrJ9hDQcT4Gw@mail.gmail.com> <7BAC95F5A7E67643AAFB2C31BEE662D018B81B7DE5@SC-VEXCH2.marvell.com> <CACsn0cn0TaHsDkyN2ewOorxxBzXivCg=QGR-ZnBiC3nJhvhpRg@mail.gmail.com> <14AB44E0-4C90-4E4C-A656-885A31CF4C02@checkpoint.com> <CACsn0cmDT-FAN8uMZ0w8TX6GKPAZjnrexLeFQd7QhRfoY6AGFQ@mail.gmail.com> <75e1e853dc391b418062ee5e51adeb2f.squirrel@www.trepanning.net> <CABqy+sr7ZKrACj4Ga2_75d9Kea0aKbrp2P5fWWu4YZP53zijxw@mail.gmail.com> <CACsn0cmS152wYQWHiX8ykzaMM=6b=r=fwVuLfPj_u0wmoq0jKw@mail.gmail.com> <7BAC95F5A7E67643AAFB2C31BEE662D018B81B7F7C@SC-VEXCH2.marvell.com> <CACsn0c=a5PvZOZgVRjHaJ2avGCPHF6b6nOpNh+iT0909X-jUFA@mail.gmail.com> <52F23D52.4090509@cisco.com> <EFA9E215-3B01-43C6-A8F0-3F98E3ED2E26@netapp.com> <255B9BB34FB7D647A506DC292726F6E1153AD4CF05@WSMSG3153V.srv.dir.telstra.com> <3E30D764-7E19-45DB-9D6D-63949F5B36CB@netapp.com> <255B9BB34FB7D647A506DC292726F6E1153AE65F2E@WSMSG3153V.srv.dir.telstra.com> <570B8BE5-1362-4D08-A22D-FE86FC4A77DC@netapp.com>
Date: Thu, 06 Feb 2014 09:00:44 -0800
Message-ID: <CACsn0ckm95r4x7VBrW81+f7Resf7RcS6iOBPx3yqu9m1VuELhw@mail.gmail.com>
From: Watson Ladd <watsonbladd@gmail.com>
To: "Eggert, Lars" <lars@netapp.com>
Content-Type: text/plain; charset="UTF-8"
Cc: "cfrg@irtf.org" <cfrg@irtf.org>
Subject: Re: [Cfrg] NSA sabotaging crypto standards
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Thu, 06 Feb 2014 17:00:47 -0000

On Thu, Feb 6, 2014 at 8:20 AM, Eggert, Lars <lars@netapp.com> wrote:
> Hi,
>
> I want to respond to a few of your points. I won't get into a prolonged debate here.
>
> On 2014-2-6, at 16:00, Manger, James <James.H.Manger@team.telstra.com> wrote:
>>> The CFRG is not a standards group. It does not produce standards.
>>
>> These look and smell like standards to me, and this is where they are worked on.
>
> <snip>
>
> but they aren't. By definition, the IRTF does not produce standards, and the first sentence of the boilerplate of any IRTF RFC says
>
>    This document is not an Internet Standards Track specification; it is
>    published for examination, experimental implementation, and
>    evaluation.
>
> and then goes on to state even more caveats. That's about as clear as we can be.

Just because a document says this, doesn't mean it's actually true.
And when it comes to the CFRG, it largely isn't.
IETF working groups will follow suit if they see that some new
protocol is documented by the CFRG. That's the role
the CFRG exists to play: supporting IETF WGs when they have to
evaluate crypto. Furthermore, if we aren't actually
producing documents meant to say "This is X, and X is good" for some
definition of good, what are we doing here?

Sincerely,
Watson Ladd

v2.23.0 | Report a Bug | By Email