Re: [Cfrg] Time to recharter CFRG as a working group? Was: Re: [secdir] ISE seeks help with some crypto drafts

Richard Barnes <> Wed, 13 March 2019 11:32 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 1B53E130EC8 for <>; Wed, 13 Mar 2019 04:32:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id VrXPkg052QZp for <>; Wed, 13 Mar 2019 04:32:45 -0700 (PDT)
Received: from ( [IPv6:2607:f8b0:4864:20::343]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id E6E26130EBF for <>; Wed, 13 Mar 2019 04:32:44 -0700 (PDT)
Received: by with SMTP id t7so1378587otk.8 for <>; Wed, 13 Mar 2019 04:32:44 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=C6e7yDjH+34MahjlT8s8xfnAwpFZKHASfA5VK0a62E0=; b=Ye0qjjvMhOha6qhMPU/gsIlyNdGmgbiVvHXVF0hpCfHkO7GFl4EyqJpGs7YHTp94aq UUCaTW0sH2DOWpUTQJPdPtHhUI3V20Nng3hAJDV1nzHQ71SX2/CYoqaEYE7l+rSs27/v wae27c5pf/BjyTwrtu4QAAV6Tuh8xUA/mqQP2oC1yIUgCLT1Dz5uinALai262YxObIif mUi5Y1CCdNrAbvhkEDYf6eBXA7akf0vGOiyKN/LoTPOYMTCI0+j+i9EgC+UIh9i3ku9p mF4WCJ/mXY3ju9f1kTlsIcc724LyOPUj2bLd8B68xmoSPvoT3vig6vHNK3mf6vT/1yfm piGw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=C6e7yDjH+34MahjlT8s8xfnAwpFZKHASfA5VK0a62E0=; b=T75cwq5k2mpO8lE15WAJyPvkZMSpS4Dhd4dLFMGb0pPnArhIfMHR1W+KmyrHJ2ndBZ 7L8RdSP2rK8OjQ08gukYlF1Fc792l9ZiNukYD90F3sNEiBI+sH3OBnKtvEYz5c5FSpvt uun2CeMNK7NbpiaJR4Ss0MnC9AFQO9rb+tDmVIfZDn4OhKsN0bd/vDLGj7UnX3r00jy/ s4LEunL9hpL1Lf8UHDJkF24Uiu6qDfPdgChdSdWurPaNSz3fC+o/6BQ3+yvoaYUPXf+/ d7zV35RlfxZRVWC0kb4nGU8nw1q8tj8YFzgZVhB+eanl9cZTX7eVqr1zNKAbO0k4+wv+ iutg==
X-Gm-Message-State: APjAAAWO5HQQlr1jWAXCuytfQckbbG/LUkDlCRl5MFZUwgTAdTaBKb8e Ixui69dF+LiVc16birZ2IaBnwIvdT1HbIS1EU6Gi8Q==
X-Google-Smtp-Source: APXvYqxbnTXw5lW52uLPB2nsvF3vsEPAJfw3pcGOK5FO7XSLXrMzFCQToZMyphpcNZgczXzRRg9mUdWoyXPu3E4PvFA=
X-Received: by 2002:a05:6830:15c7:: with SMTP id j7mr26002723otr.331.1552476764064; Wed, 13 Mar 2019 04:32:44 -0700 (PDT)
MIME-Version: 1.0
References: <> <> <> <> <> <> <> <> <> <> <> <> <> <>
In-Reply-To: <>
From: Richard Barnes <>
Date: Wed, 13 Mar 2019 07:32:15 -0400
Message-ID: <>
To: Michael StJohns <>
Cc: John Mattsson <>, "Blumenthal, Uri - 0553 - MITLL" <>, CFRG <>, "RFC ISE (Adrian Farrel)" <>, secdir <>
Content-Type: multipart/alternative; boundary="0000000000000b5f8d0583f82a2d"
Archived-At: <>
Subject: Re: [Cfrg] Time to recharter CFRG as a working group? Was: Re: [secdir] ISE seeks help with some crypto drafts
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Crypto Forum Research Group <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 13 Mar 2019 11:32:49 -0000

Mike, are your concerns here primarily IPR related?  If that's so, then
maybe that's the level at which we should address them, as opposed to
flipping the bigger RG->WG switch.

On Tue, Mar 12, 2019 at 4:43 PM Michael StJohns <>

> On 3/12/2019 2:56 PM, Richard Barnes wrote:
> Big +1 here.  It's not broke, so let's not fix it, especially for purely
> process-wonk reasons.
> Except its not quite just for process-wonk reasons.  The last couple of
> discussions have been about the IPR related to OCB and whether the CFRG
> should work on it because of that.   That's a perfectly fine set of
> discussions for a standards WG especially when considering which modes to
> include under recommended and mandatory to implement, but is probably out
> of place for an RG.     The RG ought to be answering the question "does
> this proposal have security flaws" and not "has the patent expired on this"
> but we seem to be getting far past the "discussing and analyzing" part of
> the CFRG charter?
> Our goal is to provide a forum for discussing and analyzing general
> cryptographic aspects of security protocols, and to offer guidance on the use
> of emerging mechanisms and new uses of existing mechanisms.
> I'd really like the CFRG to continue to be a place where anything
> cryptographic can be brought to be evaluated on its merits - but that -
> IMHO - doesn't seem to be the recent trend.
> I note that the CFRG has already published RFC7253 on OCB and the IETF
> published an RFC on MD5 many many years ago, so unless there are new
> security flaws in this set of documents, the answer to the ISE should be a
> no brainer of "we don't see any problems with the publication".    And at
> some point the patents *will* expire even if its not the 1-2 years that one
> poster suggested.
> In any event, I'm not going to push for this at this time, but I'm still
> confused about what would have to change if the charter were turned into a
> WG charter.
> Later, Mike
> On Mon, Mar 11, 2019 at 3:08 AM John Mattsson <>
> wrote:
>> I think it is much more important that CFRG stays a Research Group, than
>> it is that CFRG can produce standards track documents. CFRG is unique and
>> fills a very important roll. The fact that CFRG documents are used so much
>> indicates to me that CFRG is working very well. I would be very hesitant in
>> changing something that works.
>> Cheers,
>> John