Re: [Cfrg] would it be a good idea for CFRG to try review algorithm documents?

Björn Edström <be@bjrn.se> Thu, 10 December 2015 22:55 UTC

To: Nevil Brownlee <rfc-ise@rfc-editor.org>
Archived-At: <http://mailarchive.ietf.org/arch/msg/cfrg/D6HYZiePGWC5dzi-KkMyAHgXaC8>
Cc: "cfrg@irtf.org" <Cfrg@irtf.org>

With the proper expectations from all parties involved I personally
see no issues with this. Then again, I'm not really a strong voice in
this community so better listen to more people. :-)

I would not expect the CFRG participants to put in hours or days of
novel research into submissions. I would expect CFRG participants to
be reasonably up to speed with their line of research, and to be
able to point to research that supports or casts doubt on the viability
of a proposal. (Basically Stephen's example in his response to Yoav).

The situation I'd like to avoid happening to the Internet is basically this:

1) A strong security construct is standardized as RFC NNNN that has
years and years of research behind it. The security is deemed viable.
There is much to rejoice.
2) A couple of years go by.
3) A draft is written that points to the security of RFC NNNN (e.g.
some integration to some other technology).
4) Approximately at the same time some new research is published that
breaks RFC NNNN in a non-negligible way.
5) The problem in 4 is not caught.

I expect that CFRG would catch 4 so precautionary measures can be
taken w.r.t. the draft.

So my 2 cents here would be that I can live with more emails if the
end result is better quality output.

Best
Björn


On Thu, Dec 10, 2015 at 11:09 PM, Nevil Brownlee <rfc-ise@rfc-editor.org> wrote:
>
> Hi Björn et al:
>
> Hmm.  I try to find several crypto experts to review 'security' drafts
> in detail as part of the Independent Stream review process.
> However, asking CFRG to take a look too could be a good idea - as
> long as the CFRG members wouldn't regard such requests as spam?
>
> Cheers, Nevil (Independent Submissions Editor)