[Cfrg] RE: Where's the beef?

Alex Alten <Alten@attbi.com> Fri, 30 August 2002 20:08 UTC

Received: from www1.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA03796 for <cfrg-archive@odin.ietf.org>; Fri, 30 Aug 2002 16:08:33 -0400 (EDT)
Received: (from mailnull@localhost) by www1.ietf.org (8.11.6/8.11.6) id g7UK9dl22121 for cfrg-archive@odin.ietf.org; Fri, 30 Aug 2002 16:09:39 -0400
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id g7UK9co22118 for <cfrg-web-archive@optimus.ietf.org>; Fri, 30 Aug 2002 16:09:38 -0400
Received: from www1.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA03780; Fri, 30 Aug 2002 16:08:02 -0400 (EDT)
Received: from www1.ietf.org (localhost.localdomain [127.0.0.1]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id g7UK92o22096; Fri, 30 Aug 2002 16:09:02 -0400
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id g7UK8Oo22070 for <cfrg@optimus.ietf.org>; Fri, 30 Aug 2002 16:08:24 -0400
Received: from rwcrmhc51.attbi.com (rwcrmhc51.attbi.com [204.127.198.38]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA03738 for <cfrg@ietf.org>; Fri, 30 Aug 2002 16:06:47 -0400 (EDT)
Received: from alten ([12.232.7.235]) by rwcrmhc51.attbi.com (InterMail vM.4.01.03.27 201-229-121-127-20010626) with SMTP id <20020830200744.TBFD12451.rwcrmhc51.attbi.com@alten>; Fri, 30 Aug 2002 20:07:44 +0000
Message-Id: <3.0.3.32.20020830130541.01915860@mail>
X-Sender: alten@mail
X-Mailer: QUALCOMM Windows Eudora Light Version 3.0.3 (32)
Date: Fri, 30 Aug 2002 13:05:41 -0700
To: "David A. Mcgrew" <mcgrew@cisco.com>
From: Alex Alten <Alten@attbi.com>
Cc: <cfrg@ietf.org>, "Ran Canetti" <canetti@watson.ibm.com>
In-Reply-To: <FPELKLHKCBJLMMMNOGDFEEAPDPAA.mcgrew@cisco.com>
References: <3.0.3.32.20020830115017.0145a6a8@mail>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Subject: [Cfrg] RE: Where's the beef?
Sender: cfrg-admin@ietf.org
Errors-To: cfrg-admin@ietf.org
X-BeenThere: cfrg@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@ietf.org?subject=unsubscribe>
List-Id: Crypto Forum Research Group <cfrg.ietf.org>
List-Post: <mailto:cfrg@ietf.org>
List-Help: <mailto:cfrg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@ietf.org?subject=subscribe>

David,

At 12:39 PM 8/30/2002 -0700, David A. Mcgrew wrote:
>>
>> You side-stepped my budget question.  So I assume no money is available.
>
>this is the IRTF.  If you're expecting us to solicit or disburse money, I'm
>afraid that you'll be disappointed.  If you're unfamiliar with the IRTF, the
>guidelines and procedures are outlined in RFC 2014.
>

I am unfamiliar with it.  Let me read it before getting back to you.

And to answer an earlier question, yes I do have something in mind but
I hesitate.

>> This is a pity, because the best minds in the crypto world will not work
>> for free, unlike the usual university or corporate lab network programmer
>> in an IETF WG.  This will make it difficult to produce anything useful
>> here.  As a practical matter we will need to back up our RFC's with
>> outside analysis.
>
>The idea of CFRG is that the RG members can provide this kind of review, and
>that the results of crypto analysis relevant to the Internet can be
>disseminated and discussed.
>

No.  I disagree.  Anything serious must go through very thorough "private"
review first.  You cannot put stuff out publicly until you are sure it 
will fly from a crypto/security point of view.  Otherwise you will damage
our reputation to the point that you might as well disband.

To me "private" means we have the best cryptanalysts possible review our
RFCs before we put them out for public review (say a couple of months 
before first call).  Unless the various RG members have the credentials
(only 2-3 are probably needed per type of RFC) AND are willing to sign
the review, you *will* have to pay for this type of review, and it is not
cheap (although the best are not the most expensive).  In any case it is
good professional form to have neutral 3rd parties review them, our RG
members will probably develop biases while working on or discussing a
technology/RFC.

- Alex

--

Alex Alten
Alten@ATTBI.com

_______________________________________________
Cfrg mailing list
Cfrg@ietf.org
https://www1.ietf.org/mailman/listinfo/cfrg