Re: [Cfrg] Requesting removal of CFRG co-chair

William Whyte <> Mon, 23 December 2013 18:05 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 7536B1AE24A for <>; Mon, 23 Dec 2013 10:05:20 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.379
X-Spam-Status: No, score=-1.379 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FM_FORGED_GMAIL=0.622, SPF_PASS=-0.001] autolearn=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id aBScLMqemAA0 for <>; Mon, 23 Dec 2013 10:05:18 -0800 (PST)
Received: from ( [IPv6:2607:f8b0:400d:c02::234]) by (Postfix) with ESMTP id 96A1F1AE243 for <>; Mon, 23 Dec 2013 10:05:18 -0800 (PST)
Received: by with SMTP id ne12so5338862qeb.25 for <>; Mon, 23 Dec 2013 10:05:15 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=google; h=from:references:in-reply-to:mime-version:thread-index:date :message-id:subject:to:cc:content-type; bh=moUQYars0XSI7zxccrVmKCoOBaPXosOGRlTfQP3XSt4=; b=eIf4lAcP/Vc2u5lgxAQvV5EJDdwE7yJ4FgjI3nVrciObY2HFVzQohcuNt7HREAblQ+ iDnS4yti+nDrwwhz79CkkP9QoCZuuKfP0gufg4BTcEiTIG8NnfsRpKoGP71o12+eJnCq OEpIA7A1mC7fohOvsz/k+T02E8f747gTyrHFE=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20130820; h=x-gm-message-state:from:references:in-reply-to:mime-version :thread-index:date:message-id:subject:to:cc:content-type; bh=moUQYars0XSI7zxccrVmKCoOBaPXosOGRlTfQP3XSt4=; b=NV3OKfZxsh7QFT0j0KtopcDdPbIMm69vFWb6VlVSRreXraY9y62hoPYAHhbu/iTuIj fstv79KzSzly0HhedYcmKbzDBmmVb3wtbjt1P6j+KEyzljtRQKtrQZY/MSq3+/9szFn1 EsoRyM49rt5naDbJUa+LmTrx2halhah4XR4fCGzMkrJwVv5oFmXqz4+Uf1hZqN6mgPWG vU/JUvLC3ngsI1qKhgcbLsEOseVq9XkXFc00BQ4qFkM9XITcNsV9WYutI8ADiUQPXeOT MXO7z9rD4685mRChbquFhcpIVvJ9D0yX40IweN6PCigvr2c78RghRwY9UvttDOnYXRVJ R6jQ==
X-Gm-Message-State: ALoCoQljhv767mc+FOAdT+4y6VFo43dbpklS037DlcPLdwDDOfr0mbxiTWNPCy73JnHJ9Y6D6Igy
X-Received: by with SMTP id ky8mr44795754qeb.29.1387821914845; Mon, 23 Dec 2013 10:05:14 -0800 (PST)
From: William Whyte <>
References: <> <> <> <> <> <> <> <> <> <> <> <>
In-Reply-To: <>
MIME-Version: 1.0
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AQJaxb4Hm5mPf46/b71KobCmf/69qAMUwAViAlyYb9ABzrM+gAIw5dVZAdW7HrUBqzHujgGpZDxGAjjzt3cB8Ayh0gHOY1I8AWjJeOSYmqnZUA==
Date: Mon, 23 Dec 2013 13:05:15 -0500
Message-ID: <>
To: Yoav Nir <>, Tao Effect <>
Content-Type: text/plain; charset="ISO-8859-1"
Subject: Re: [Cfrg] Requesting removal of CFRG co-chair
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 23 Dec 2013 18:05:20 -0000

Hi Yoav,

> It sure seems like it. More than one person on this list has stated that
this is nothing personal, but an employee of the NSA (one of tens or
hundreds of thousands) is automatically disqualified from chairing a
working group.

My position is that the NSA's mission includes subverting cryptographic
standards, and so it is inappropriate for an NSA employee to chair a
crypto working group in a standards body.

I don't have a problem with an NSA employee chairing a working group with
a different focus, and I don't have a problem with an NSA employee being
an individual contributor.

I don't have a position on Dragonfly and wasn't paying attention at the
time when Kevin is alleged to have made statements on behalf of CFRG. The
situation with Dragonfly matters to me only in so far as it has brought
attention to the fact that Kevin has a conflict between his employer's
mission and that of CFRG. Given this conflict, I think it is appropriate
for Kevin to resign or be removed. It is not clear that it is possible for
him to have the group's best interests at heart.



-----Original Message-----
From: Cfrg [] On Behalf Of Yoav Nir
Sent: Monday, December 23, 2013 11:09 AM
To: Tao Effect
Subject: Re: [Cfrg] Requesting removal of CFRG co-chair

On Dec 23, 2013, at 5:21 PM, Tao Effect <>

> On Dec 23, 2013, at 3:57 AM, Robert Ransom <>
>> I note that none of the few people who are speaking in defense of
>> Kevin Igoe have even acknowledged the specific acts that Trevor
>> Perrin listed at the beginning of this thread, much less tried to
>> refute the charges or defend Mr. Igoe's acts.
> Excellent observation! Instead of doing that, the response has been that
a "witch hunt" is taking place, and that this is all based on
> And yet, neither of those claims is true.

It sure seems like it. More than one person on this list has stated that
this is nothing personal, but an employee of the NSA (one of tens or
hundreds of thousands) is automatically disqualified from chairing a
working group.

The arguments against him are the kind that are leveled against IETF
working group chairs on a regular basis - that they see consensus where
consensus does not exist. Such arguments are easy to prove or disprove,
because the mailing lists are public. I've seen plenty of arguments about
whether the two people + author who liked the proposal vs the one person
who asked a question and never replied to the list again constitute
"consensus". None of those arguments resulted in a petition to remove the
chair. I can only conclude that Kevin is getting special treatment because
of his organizational affiliation, which IMO sets a very bad precedent.

For the sake of argument, I will concede that all the accusations made are
true: that (other than Dan) Kevin had the only message to the CFRG list
with a favorable opinion of Dragonfly and that he presented that in a
private message to the TLS chairs as "CFRG is fine with this algorithm".
This could at worst be construed as mismanagement. Yet people present this
as a malicious attempt by the USG to subvert the standards process so that
people authenticate with a method that leaks timing information?  At the
TLS layer or all places. That accusation is baseless and makes no sense
for several reasons:
 - Nobody uses passwords at the TLS layer. A PAKE has been defined for
years, and it's implemented in the most popular library. Nobody cares
(sorry, Dan)
 - If the USG is spending money subverting the standards process to
standardize a vulnerable password-in-TLS method, Americans should be
worried - it's a monumental waste of their tax dollars.
 - The widespread surveillance that the Snowden documents revealed was all
done with no cryptography. It was all done by gaining access to the
plaintext or gaining access to keys. The agent trying to sabotage the
standards process would not be a cryptographer with an email.
They'd be more surreptitious about it. (yeah, I know - that's what they'd
like me to think)

I don't know Kevin personally, and have never exchanged a word or an email
with him, but I believe that he is the target of a witch hunt.


Cfrg mailing list