Re: [Cfrg] Requesting removal of CFRG co-chair

Stephen Farrell <> Sun, 29 December 2013 19:13 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 1C0701AE272 for <>; Sun, 29 Dec 2013 11:13:17 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: 0.263
X-Spam-Status: No, score=0.263 tagged_above=-999 required=5 tests=[BAYES_50=0.8, LOTS_OF_MONEY=0.001, RP_MATCHES_RCVD=-0.538] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id WZTQdWYMepC5 for <>; Sun, 29 Dec 2013 11:13:13 -0800 (PST)
Received: from ( []) by (Postfix) with ESMTP id EA2351AE1DE for <>; Sun, 29 Dec 2013 11:13:12 -0800 (PST)
Received: from localhost (localhost []) by (Postfix) with ESMTP id E0F68BE29 for <>; Sun, 29 Dec 2013 19:13:05 +0000 (GMT)
X-Virus-Scanned: Debian amavisd-new at
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id aqVKYdC+j8vk for <>; Sun, 29 Dec 2013 19:13:04 +0000 (GMT)
Received: from [] (unknown []) by (Postfix) with ESMTPSA id 98FC2BDDC for <>; Sun, 29 Dec 2013 19:13:04 +0000 (GMT)
Message-ID: <>
Date: Sun, 29 Dec 2013 19:12:54 +0000
From: Stephen Farrell <>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.2.0
MIME-Version: 1.0
To: "" <>
References: <>
In-Reply-To: <>
X-Enigmail-Version: 1.6
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Subject: Re: [Cfrg] Requesting removal of CFRG co-chair
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Sun, 29 Dec 2013 19:13:17 -0000

My take on the proposition, as an individual, (*) intended
for Lars benefit.

- I don't think Dragonfly was mishandled in any important
way, nor is it at all important. I think that the proponents
involved in the dragonfly related discussions on both sides
have not helped by raising the temperature needlessly and
(it seems to me) in some cases quite deliberately. I would
discount pretty much all of the dragonfly related discussion.
(And as previously noted, the TLS WG are not progressing
their equivalent here, making the topic even less interesting.)

- I do think its valid to raise the question of NSA influence
given that NSA are reputed to be spending US$250M per year
("BULLRUN") to defeat Internet security mechanisms. That does
differ from the usual corporate axe-grinding that our processes
have been designed to counter. However, from what I can see so
far, our processes seem to be about as good a counter to
BULLRUN as can be done for the IRTF or IETF. (Asking the
question in the IETF as to whether we could do better would
be good, and I will bring that up after Lars has made his
decision here. I don't think discussion of that topic by those
ignorant of current processes is useful.)

- I do not think that the opinions of people who've only
appeared on this list for this discussion should be counted
as equivalent to those who have made ongoing contributions
to the IRTF and/or IETF. I'd weigh opinions from those active
in CFRG most, but only slightly ahead of opinions from those
with a general history of useful contribution to IRTF/IETF.

- I do not think that affiliation alone is a sufficient reason
to fire a chair, even given BULLRUN. While there is a "press"
downside to having Kevin as a co-chair, I think that is outweighed
by the overall damage that would accrue for firing a chair based
solely on affiliation. (In case its not clear from the above, I
see no other reason to remove Kevin as co-chair.)

- However, I do think that CFRG has not been as active as I'd
like to have seen in recent months, given BULLRUN and snowdonia
more generally. I would love to see ongoing detailed work within
CFRG as to how to counter pervasive monitoring. Right now, partly
due to CFRG inactivity, two other cryptography lists are highly
active, but with a lower SNR than I'd expect were CFRG participants
to try tackle the topic with sufficient chair involvement. This is
a criticism of all CFRG participants, not solely of the CFRG
co-chairs. However, the chairs do bear some additional responsibility
for list inactivity. (**) I assume that that lack of chair activity
is down to lack of cycles for the current chairs. If not, then
that might be useful (for Lars) to explore. I also assume that the
lack of general activity is mainly down to the same thing for other
participants. While I could imagine a universe in which people held
off from posting to this list because Kevin was a co-chair, I
have not seen any evidence of that having been the case. If that
has happened, then the people who didn't post on that basis should
say so (to Lars at least).

Overall, I do not think Kevin should be "removed" but I do
think that CFRG would benefit from an injection of energy,
possibly including via new or replacement chairs and I'd love
to see that energy devoted to working to counter pervasive
monitoring, to the extent that CFRG can help with that.

Lastly, I'm fine with Lars using his judgement on all of the
above, as IRTF chair, and I don't see any need to rush the
decision as to how to handle the request.

Hope that helps,

(*) For those involved in this discussion who are not familiar
with how IETF/IRTF works, "as an individual" means that
since this is the IRTF, the fact that I'm an IETF security
AD shouldn't count, nor the fact that I co-chair the DTNRG.

(**) In saying that I take the blame similarly for a lack of
cycles to help chair DTNRG recently. And I already told Lars
I'd be happy to be replaced as DTRNG co-chair if/when he can
find a good alternative. That last is important too - new
co-chairs don't grow on trees. Ironically, the main reason
I've not had time for DTNRG is all the perpass stuff;-)