Re: [Cfrg] Time to recharter CFRG as a working group? Was: Re: [secdir] ISE seeks help with some crypto drafts

denis bider <> Wed, 13 March 2019 01:37 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id DBAC11311BD for <>; Tue, 12 Mar 2019 18:37:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id dWhP1_Kw6s3x for <>; Tue, 12 Mar 2019 18:37:05 -0700 (PDT)
Received: from ( [IPv6:2607:f8b0:4864:20::244]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 281EE131107 for <>; Tue, 12 Mar 2019 18:37:05 -0700 (PDT)
Received: by with SMTP id j10so124947oij.13 for <>; Tue, 12 Mar 2019 18:37:05 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=5ss7/RWKH9xqfogH7igMbtpThl7B48BzsdKJmUATPGw=; b=m0qWTEUVu30LlYPYwzfDkyurmChwBKnV+O83Dm0BJEqTY3jqLCZCLtOFKw4D6rrsrk BUO5zheWU/1QdZYLRC6yIwcP+pR+SGEWHNcIRR1kmwi55S0tea5pDiBrOqHIJVRioDep 0ow5N2pAPZRiWbx+5+8um21yc3eVPp8NFmMD2BLByv5pIOyupvXnPVPxwxh+XVAHi162 +zVCWA3YXETT14ArDU/JaEMPENxawb5Um2QTQK1EXwCW6c4HMLMfTk013oX/rB+xwhaq AN1VVFTb4l+7C63pURNPcIR4X5lBec63tR6b9oplfBTIXVJOhkO3DeL8OrQwuXRfQgHm pQEA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=5ss7/RWKH9xqfogH7igMbtpThl7B48BzsdKJmUATPGw=; b=rWZwlxpSecyvy2/ta214ui/t3kGvejHFMCH91Tz7CzYEvEOXMOGBXaDxE6KtBLDk8b hAnBcs0mH1aBFbjzakk1yvlKahdyTvR4DnCfYa8GHiU8xhJFlbuynUaXEMjFJOrtask/ auiVG145RXjmCcnBFAESVp6Y7PyMYbOQwdi7JJayTYceVFwUZlWeLTShn27cx0+mp76o 6khza6wfInXvsPfi04ES5se3gtlaPQzu9rCQMNdCjYngWyiHKWnZNRYxw9eUigss0rtT /U1eyci3tdWgAVfKyVKjIcIsMOeEesujP0jBJIrN3hLtJe7h8lj584NlihZFMPI7SZcM 1GKQ==
X-Gm-Message-State: APjAAAW+4rtH5654nFihoZOO8jaBwBGQipI0Lj277k8Dfgz7mefMNPmq RL6rikzSxJA2dboCbsDs6xsR5lz3ljr01Ovgq3Y=
X-Google-Smtp-Source: APXvYqw3cOv+LSnQKPlMRtUVv/FPRD8uzapCrDk2iykcHFUwrN8xT9C7rMIRYbXA9bF1uTkLndiY3U7W8z5q0zD1PN8=
X-Received: by 2002:aca:3081:: with SMTP id w123mr192367oiw.141.1552441024507; Tue, 12 Mar 2019 18:37:04 -0700 (PDT)
MIME-Version: 1.0
References: <> <> <> <> <> <> <> <> <> <> <> <> <> <>
In-Reply-To: <>
From: denis bider <>
Date: Tue, 12 Mar 2019 20:36:52 -0500
Message-ID: <>
To: Michael StJohns <>
Cc: Richard Barnes <>, John Mattsson <>, CFRG <>, "RFC ISE (Adrian Farrel)" <>, secdir <>
Content-Type: multipart/alternative; boundary="000000000000ccf3430583efd72b"
Archived-At: <>
Subject: Re: [Cfrg] Time to recharter CFRG as a working group? Was: Re: [secdir] ISE seeks help with some crypto drafts
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Crypto Forum Research Group <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 13 Mar 2019 01:37:13 -0000

For what it's worth, I think the counterpoint to "don't fix it if it isn't
broken" is "it's going to have to break before it's fixed".

It is not generally advisable to wait with fixing bridges until they're
actually broken, for example.

I think Michael is raising a legitimate issue and intuitively, it sounds
like the proper answer might be a dual charter as WG + RG. Perhaps this is
unusual, but it is an unusual group. I think it would be appropriate for
this group.


On Tue, Mar 12, 2019 at 3:43 PM Michael StJohns <>

> On 3/12/2019 2:56 PM, Richard Barnes wrote:
> Big +1 here.  It's not broke, so let's not fix it, especially for purely
> process-wonk reasons.
> Except its not quite just for process-wonk reasons.  The last couple of
> discussions have been about the IPR related to OCB and whether the CFRG
> should work on it because of that.   That's a perfectly fine set of
> discussions for a standards WG especially when considering which modes to
> include under recommended and mandatory to implement, but is probably out
> of place for an RG.     The RG ought to be answering the question "does
> this proposal have security flaws" and not "has the patent expired on this"
> but we seem to be getting far past the "discussing and analyzing" part of
> the CFRG charter?
> Our goal is to provide a forum for discussing and analyzing general
> cryptographic aspects of security protocols, and to offer guidance on the use
> of emerging mechanisms and new uses of existing mechanisms.
> I'd really like the CFRG to continue to be a place where anything
> cryptographic can be brought to be evaluated on its merits - but that -
> IMHO - doesn't seem to be the recent trend.
> I note that the CFRG has already published RFC7253 on OCB and the IETF
> published an RFC on MD5 many many years ago, so unless there are new
> security flaws in this set of documents, the answer to the ISE should be a
> no brainer of "we don't see any problems with the publication".    And at
> some point the patents *will* expire even if its not the 1-2 years that one
> poster suggested.
> In any event, I'm not going to push for this at this time, but I'm still
> confused about what would have to change if the charter were turned into a
> WG charter.
> Later, Mike
> On Mon, Mar 11, 2019 at 3:08 AM John Mattsson <>
> wrote:
>> I think it is much more important that CFRG stays a Research Group, than
>> it is that CFRG can produce standards track documents. CFRG is unique and
>> fills a very important roll. The fact that CFRG documents are used so much
>> indicates to me that CFRG is working very well. I would be very hesitant in
>> changing something that works.
>> Cheers,
>> John
> _______________________________________________
> Cfrg mailing list