Re: [Cfrg] Requesting removal of CFRG co-chair

Alyssa Rowan <> Fri, 27 December 2013 15:21 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 64B251AE183 for <>; Fri, 27 Dec 2013 07:21:49 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.201
X-Spam-Status: No, score=-1.201 tagged_above=-999 required=5 tests=[BAYES_50=0.8, GB_I_LETTER=-2, LOTS_OF_MONEY=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 4GIbtY5B2kza for <>; Fri, 27 Dec 2013 07:21:46 -0800 (PST)
Received: from ( []) by (Postfix) with ESMTP id E7EC51ADF5D for <>; Fri, 27 Dec 2013 07:21:44 -0800 (PST)
Received: from [] ( []) by (Postfix) with ESMTPSA id C32E0609E7 for <>; Fri, 27 Dec 2013 15:21:38 +0000 (GMT)
Message-ID: <>
Date: Fri, 27 Dec 2013 15:21:53 +0000
From: Alyssa Rowan <>
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.2.0
MIME-Version: 1.0
References: <> <> <> <> <> <> <> <> <> <>
In-Reply-To: <>
X-Enigmail-Version: 1.6
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 8bit
Subject: Re: [Cfrg] Requesting removal of CFRG co-chair
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 27 Dec 2013 15:21:49 -0000

Hash: SHA512

(Restoring the subject line, so Lars can better follow the thread.)

On 26 Dec 2013 20:07, Igoe, Kevin M. wrote:
> While NSA’s SIGINT mission gets all the press (especially now), the
> Agency has another mission: Information Assurance.

Unfortunately, given the SIGINT Enabling Project has used the NSA's
Information Assurance mission as official cover for sabotage of
cryptographic primitives¹, implementations², and standards³, not to
mention their interesting conduct in statements and enquiries so far,
any trust or confidence once placed in the NSA for anything by anyone
has now been fatally, critically, permanently undermined.

I can't imagine the NSA's IA department is pleased about that at all
(particularly if it wished to, in time, use the protocols and COTS
software and hardware, such as your BlackBerry, that its SIGINT
department meanwhile was no doubt busily trying to subvert). That is,
of course, an internal issue between your respective departments,
NIST, the wider US Government, and of course the American people it

No comment is required: I understand you may find yourself in a
difficult position regarding such things. However, if you (or anyone
with the knowledge) felt yourself ethically able and willing to
disclose the specific nature and existence of any vulnerabilities so
seeded - and indicate if, and how, you have addressed them in any
software or hardware you have fielded - I would heartily encourage it.

We certainly aren't pleased about it, because to meet the 'perpass'
threat posed by Nation State Adversaries (a convenient initialism)
discussed at IETF 88, we're going to have to change, redesign and
deploy several new and improved primitives, protocols, standards and
implementations. This will be hard, and yes, will take years to
finish; the IETF, and CFRG, will play a vital part, I feel.

As the other co-chair, David McGrew correctly points out:
> The Research Group needs to have chairs that it trusts, and who are
> trusted by the broader IETF and Internet communities that they work
> with.

Our work needs to be carried out openly and transparently so that it
can be trusted. And that process needs to be administered by people we
mistrust as little as possible, and clearly not by an
openly-acknowledged agent of an organisation systematically trying to
sabotage the process of devising and deploying strong cryptography:
it is a simple, and unavoidable, conflict of interest, I'm afraid.

I therefore reiterate the call for your resignation as co-chair.
I mean no personal disrespect, but it's clear you understand the

I hear Mr Schneier might be too busy. Besides, the job is, as you say,
unglamorous, and administrative. Still, perhaps a trusted
international cryptographer (perhaps in a jurisdiction with no
National Security Letters or similar means of potential coercion to
overlook a potential backdoor?), with the time available would be a
good choice?

I'm not sure a similar situation has arisen before, and therefore
there might well be no established procedure; of course, we can be
patient. Perhaps, if your colleagues and counterparts could be
persuaded to curtail their excesses, a similar situation may not arise
again. I remain guardedly hopeful.

In any case, I wish yourself (and your daughter) well, and please have
a enjoyable holiday.

1. Specific documented example: Dual_EC_DRBG - a backdoor that couldn't
   have been more obvious if you'd erected a flashing neon sign and
   driven a mounted parade with a marching band through it. We have no
   reason to expect other 'enablings' to be as obvious, of course.
2. Specific documented example: RSA Security; BSafe; $10m; Dual_EC_DRBG.
3. 802.11; GSM; LTE. Bluetooth? (Even perhaps TLS?) Hard to be sure...
   it's the kind of subtle sabotage that makes the result awful by
   design, rather than simply awful by committee; the two are hard to
   distinguish, which is the point, and the end result is similar,
   as is the need to improve and fix.

- --