Re: [Cfrg] Requesting removal of CFRG co-chair

"Dan Harkins" <> Mon, 23 December 2013 01:36 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 5108F1AE0F8 for <>; Sun, 22 Dec 2013 17:36:00 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -3.867
X-Spam-Status: No, score=-3.867 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, IP_NOT_FRIENDLY=0.334, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_PASS=-0.001] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id yRh4nGtGzvrd for <>; Sun, 22 Dec 2013 17:35:58 -0800 (PST)
Received: from ( []) by (Postfix) with ESMTP id 9DA101AE0F7 for <>; Sun, 22 Dec 2013 17:35:58 -0800 (PST)
Received: from (localhost []) by (Postfix) with ESMTP id 8657110224008; Sun, 22 Dec 2013 17:35:55 -0800 (PST)
Received: from (SquirrelMail authenticated user by with HTTP; Sun, 22 Dec 2013 17:35:55 -0800 (PST)
Message-ID: <>
In-Reply-To: <>
References: <> <> <> <> <> <> <>
Date: Sun, 22 Dec 2013 17:35:55 -0800
From: Dan Harkins <>
To: Watson Ladd <>
User-Agent: SquirrelMail/1.4.14 [SVN]
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal
Cc: "" <>
Subject: Re: [Cfrg] Requesting removal of CFRG co-chair
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 23 Dec 2013 01:36:00 -0000

On Sun, December 22, 2013 9:28 am, Watson Ladd wrote:
> On Sun, Dec 22, 2013 at 12:22 AM, Dan Harkins <> wrote:
>>> The purpose of the CFRG is not to create standards. It is to advance
>>> the
>>> usage
>>> of cryptography and improve the security of the Internet. The abuses of
>>> process
>>> committed by Kevin directly harm that goal by enabling a protocol to
>>> shortcut
>>> the LC process in the CFRG, and thus avoid serious discussion.
>>   What process are you talking about? There was no LC declared and
>> certainly no process that required one before an answer could be
>> provided back to the TLS WG.
> Are you suggesting that the chairs of the CFRG have the power to decree
> something acceptable by themselves, and speak for the CFRG? This is
> a ridiculous claim. Whether last call or not, some process would be needed
> to decide what the sense of the list was.

  No, what I'm saying is that you're objecting to something that didn't
happen. There was no "shortcut" of a LC process (as you said). There was
no "result of a LC that never happened" (as you also said). There was no LC
made because there was no requirement to have a LC and the TLS WG did
not ask for such a thing.

>>   You seem to have invented a process, declared Kevin Igoe in violation
>> of it, and concocted a conspiracy theory to explain it all.
> I think it is reasonable for the chair to be forced to consult with
> the membership before
> deciding what the group's position will be, especially when the
> conclusions of the CFRG will
> be waved around to dismiss concerns about a protocol.

  Your rhetorical flourish is a bit excessive. You act as though the
TLS WG requested that the imprimatur of the CFRG be placed upon
a protocol or that someone is behaving as if it did.

  As it says in the charter of the CFRG, "IETF working groups developing
protocols that include cryptographic elements are welcome to bring
questions concerning the protocols to the CFRG for advice." That's what
happened. They didn't say "please formally bless this protocol and
declare that it is secure and is the best possible solution to our problem".

  The TLS WG lacks the expertise to evaluate the underlying key
exchange and asked CFRG to see whether there was anything that
would make it unsuitable for a TLS cipher suite. That is all. There
were a few comments made about the protocol, and comments
were addressed, but there was nothing, and still remains nothing,
that makes it unsuitable for a TLS cipher suite.

> Most people in the IETF couldn't
> tell you why the DDH isn't true in GF_{p}^{\times}, or what a pairing
> is, or why PKCS 1.5 is worse
> than OAEP.  The point of the CFRG is that they won't have to: we'll do
> the work for them. But that
> only works if the CFRG properly represents its membership, and if
> other WGs feel that the CFRG
> is a useful resource. Do you think Kevin's continued presence as chair
> is compatible with these goals?

  What I think is that you have misunderstood the process and have
misunderstood what happened and have leapt to the conclusion that
something nefarious happened and that it must be because the
co-chairman works for the NSA.