Re: [Cfrg] Requesting removal of CFRG co-chair

Alyssa Rowan <akr@akr.io> Mon, 23 December 2013 07:10 UTC


On Mon 23 Dec 2013 01:35, Dan Harkins wrote:

> As it says in the charter of the CFRG, "IETF working groups 
> developing protocols that include cryptographic elements are 
> welcome to bring questions concerning the protocols to the CFRG
> for advice." That's what happened.

The TLS WG asked the CFRG for advice. They got Kevin's. He did not
mention the (unaddressed) concerns raised.


Documented fact: Kevin belongs to an agency with a "SIGINT Enabling
Project". Their job is to "enable" [backdoor and/or disrupt] strong
cryptography so the NSA can exploit it.

That makes his advice untrustworthy. For all we know, it's *literally*
his job to lie to us, and mislead us.

And if he is responsible, as co-chair, for relaying the CFRG's advice
to WGs, he is in the perfect position to do just that. The net effect
is to taint that advice with the NSA's proven untrustworthiness.

That's the central problem here.

The only fix is for him to step down as co-chair. (It wouldn't hurt
for him to resign from the NSA, or speak out, either; that he hasn't,
as Daniel raised, can only be reasonably interpreted as indicative of
his approval of the agency's actions.)


Do you agree?

If not, Dan, why do you wish Kevin to remain co-chair: despite the
profound concerns raised, and the fundamental conflict-of-interest
between his duties here, and the NSA's mission?

Kindly explain your reason. I'm keenly interested to hear it.


I mean, what I've heard from you so far is... just look at this gem:

On Thu 12 Dec 2013 16:06, on TLS WG, Trevor Perrin wrote:
>> The consequences of adopting a protocol we think is secure that 
>> isn't: dead people.

(Correct security engineering thinking, backed up by decades of proven
 history, and still just as true today, as Jacob Appelbaum or Moxie
 would be able to confirm.)

On Fri 13 Dec 2013 08:35, on TLS WG, Dan Harkins wrote this reply:
> You obviously read too much fiction and have too little practical 
> experience. Dragonfly is not a threat to human life. Get a grip.

(...and well, I think that speaks for itself, doesn't it?)

-- 
/akr