Re: [CFRG] Escalation: time commitment to fix *production* security bugs for BLS RFC v4?
Paul Hoffman <paul.hoffman@vpnc.org> Sat, 24 April 2021 17:53 UTC
From: Paul Hoffman <paul.hoffman@vpnc.org>
To: Quan Thoi Minh Nguyen <msuntmquan@gmail.com>
Cc: cfrg@irtf.org
Date: Sat, 24 Apr 2021 10:53:31 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/2clgMQK_7jnmZJtbZ67A5Q_0iZM>

On a tangential note, but one that is relevant to your complaint:

- Internet Drafts are absolutely not RFCs. RFCs always have been more reviewed than Internet Drafts. That is, even the "final" draft that is given to the RFC Editor has additional reviews that sometimes surface technical bugs that must be fixed before the RFC is published. As others have pointed out, implementing from an Internet Draft comes with significant risks.

- The CFRG does not create standards. All RFCs from the CFRG have a status of "informational", not "standard". They might be treated as standards by implementers, but they are not in fact standards. In the IETF, standards have more reviews than CFRG RFCs. (I note that https://github.com/cfrg/draft-irtf-cfrg-bls-signature incorrectly uses the word "standard" at the top of the repo. Maybe the CFRG chairs could review all of the repos in https://github.com/cfrg to make sure that their wording is accurate.)

--Paul Hoffman