Re: [Cfrg] Requesting removal of CFRG co-chair

[Watson Ladd <watsonbladd@gmail.com>]

On Sat, Dec 21, 2013 at 3:55 PM, Paul Lambert <paul@marvell.com> wrote:
>
>
> This debate started as a discussion of the ³Dragonfly² protocol.  The core
> cryptographic mechanism has been reviewed in multiple forums for two years
> and is incorporated into IEEE standards.  It is not an optimal mechanism,
> but was constructed for it¹s IPR considerations to serve a specific
> purpose.  It is useable and secure for the intended use cases and the
> protocol should progress forward.  The discussions on the CFRG list for
> time were productive and contributed to improvements in the protocol.

Is Dragonfly secure? Not in the standard model: some hash functions break it.
There is no proof in the Random Oracle Model, and there were
significant questions
about its security relative to already deployed options. I still am
not sure what the impact of the possibility of
hunt and peck failing is on security: certainly not good. The IEEE has
its own history of cryptographic failures,
which as a member of the Wi-fi alliance you should certainly know
about. After all, you had a front row seat
for the most notable ones.

>
> The CFRG co-chair¹s support of advancing the protocol has unfairly been
> turned into a witch hunt.  The collateral damage is the stopping a
> potentially useful protocol mechanism.

The CFRG cochair does not have the ability to declare the result of a
last call that
never happened because he personally supports a proposal. The only reason this
irregularity was noticed is that Trevor Perrin and Rene Struik
subscribed to the TLS WG
as well. If the cochair cannot be trusted to properly represent the
result of a process, how
can we proceed?

The fact that this working group has specialist expertise that most
IETF participants don't
possess only increases the danger. I have seen participants on the TLS
WG fail to understand
what broke RC4, what MACs do, the security claims of AES-GCM etc, and
the resultant protocol
makes all kinds of stupid, unforced errors. (AES-GCM with random
nonces? Just one of many fun
surprises) I don't think the TLS WG is an outlier in this regard.

As a result WGs can consult with the CFRG on matters beyond their
bailiwick. In the case of Dragonfly the cochair's
statement was used as an argument for ending review of the protocol
because he said it was "adequate", even
as the CFRG membership had deep misgivings about it.

>
> It is embarrassing to me to see the technical debate in the IETF lowered
> to the point that we are removing and rejecting people by their
> affiliation.  The whole point of standards is to bring into a room a group
> of competitors and work through a process to create technical solutions in
> a productive manner.  A continued debate on individuals open affiliations
> is not productive.  We should not proceed with a witch hunt to remove
> Government employees from the IETF.

The purpose of the CFRG is not to create standards. It is to advance the usage
of cryptography and improve the security of the Internet. The abuses of process
committed by Kevin directly harm that goal by enabling a protocol to shortcut
the LC process in the CFRG, and thus avoid serious discussion.

>
> Anyone with experience in standards activities should already be wary of
> motives that drive each of the contributions.  I¹d rather have my
> competitor (or in this case the NSA) in the room to get whatever reading I
> can on their positions on our technical work.  We will always have to
> second guess the motives of individuals bringing work into our open forums.

Cryptography is not like networking: a bad choice in a networking
standard is merely an annoyance to
implementors or hurts performance/interoperability, and the protocols
are fairly transparent.
A subtly bad choice in a cryptographic standard can lead to
vulnerabilities over an extended period of time. The IETF track record
on this is abysmal, to the point where many of the best practical
cryptographers avoid working with the IETF.
The CFRG was formed so that for once the IETF would listen. By
conflating his personal views with the conclusion of the CFRG,
Kevin Igoe sends a clear message: the views of members of the CFRG are
irrelevant to the IETF process.

If we let him make the decisions, what is the point of the CFRG?

Sincerely,
Watson Ladd

>
> Paul
>
> Paul A. Lambert
>
>
>
> On 12/21/13, 3:29 PM, "Tao Effect" <contact@taoeffect.com> wrote:
>
>>On Dec 21, 2013, at 6:17 PM, Tao Effect <contact@taoeffect.com> wrote:
>>> Should not the choice of an employer reflect on a person's competence?
>>
>>Sorry, thinking a bit more about that question, I think the answer is
>>"no, not necessarily, but maybe in some circumstances."
>>
>>
>>--
>>Please do not email me anything that you are not comfortable also sharing
>>with the NSA.
>>
>>>
>>>
>>> On Dec 21, 2013, at 5:37 PM, Hilarie Orman <ho@alum.mit.edu> wrote:
>>>
>>>> Take it as a challenge, is the IETF smarter than NSA or any other
>>>> organization with ulterior motives?  Can the IETF make sound technical
>>>> judgments based on written documents?
>>>
>>> Speaking for myself only, an organization's ability to make sound
>>>ethical choices impacts my ability to take it seriously.
>>>
>>> What sort of people does the IETF/CFRG place in positions of authority?
>>>
>>> Those types of decisions play a significant role in defining what an
>>>organization is, and what it does.
>>>
>>>> and choose leaders based on their competence and not on their
>>>>employment.
>>>
>>> Should not the choice of an employer reflect on a person's competence?
>>>
>>> Careful now, we're deadly close to reaching Godwin's Law. ;-P
>>>
>>> - Greg
>>>
>>> --
>>> Please do not email me anything that you are not comfortable also
>>>sharing with the NSA.
>>>
>>> On Dec 21, 2013, at 5:37 PM, Hilarie Orman <ho@alum.mit.edu> wrote:
>>>
>>>> Is the CFRG co-chair the only person in the CFRG who has associations,
>>>> proclaimed or covert, with an organization intent on undermining the
>>>> standards process?  I seriously doubt it.  Then why trust anything
>>>> from any part of the IETF?  Because it is an open process with input
>>>> from a worldwide community.  That open process provides the resilience
>>>> against attack.
>>>>
>>>> Take it as a challenge, is the IETF smarter than NSA or any other
>>>> organization with ulterior motives?  Can the IETF make sound technical
>>>> judgments based on written documents?  If you don't believe this is
>>>> possible, then by all means, start the purges.  Otherwise, step up to
>>>> the plate, be part of the evaluation-on-the-merits process, and choose
>>>> leaders based on their competence and not on their employment.
>>>>
>>>> Hilarie
>>>>
>>>> _______________________________________________
>>>> Cfrg mailing list
>>>> Cfrg@irtf.org
>>>> http://www.irtf.org/mailman/listinfo/cfrg
>>>
>>> _______________________________________________
>>> Cfrg mailing list
>>> Cfrg@irtf.org
>>> http://www.irtf.org/mailman/listinfo/cfrg
>>
>
> _______________________________________________
> Cfrg mailing list
> Cfrg@irtf.org
> http://www.irtf.org/mailman/listinfo/cfrg



-- 
"Those who would give up Essential Liberty to purchase a little
Temporary Safety deserve neither  Liberty nor Safety."
-- Benjamin Franklin