Re: [Cfrg] Response to the request to remove CFRG co-chair
Watson Ladd <watsonbladd@gmail.com> Wed, 08 January 2014 14:53 UTC
Return-Path: <watsonbladd@gmail.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0052D1AE409; Wed, 8 Jan 2014 06:53:33 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, LOTS_OF_MONEY=0.001, SPF_PASS=-0.001] autolearn=unavailable
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2gOY2Y4g8ako; Wed, 8 Jan 2014 06:53:30 -0800 (PST)
Received: from mail-wg0-x22e.google.com (mail-wg0-x22e.google.com [IPv6:2a00:1450:400c:c00::22e]) by ietfa.amsl.com (Postfix) with ESMTP id A0ED01AE405; Wed, 8 Jan 2014 06:53:29 -0800 (PST)
Received: by mail-wg0-f46.google.com with SMTP id m15so1511764wgh.13 for <multiple recipients>; Wed, 08 Jan 2014 06:53:19 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; bh=R7oXmHg2f/e6nqZwYglWmKZ5G5DvbeRjd27YUVXSkho=; b=M8yH1hPrfEJDIXHp0Dv65o78MJLZjYAwJDOfFQc1l989aKx6WRYtkneHW9pSpb765e 7Zuwz0KzHHxxQp6AAPbQpn/9ToQOzRKMckRUh6I6/CrcfAcXbjsIIoLb9NrwzSAegECx MTq0/cS4f1FuqcNH2RS2z0VsabqnwqNz278Y8Cq8mwhj9YcBfSr+O0BfGImDlnFet0fd mi2ibKYNgAAk0tI1mJQ5EthKtCWiBHO/f4P/W18XzvwVqsyQcF7eIFuDZH4Bc802S/jQ WdrgmADvHx4hwkWZ0CMbGlx4d8ebRYBOpq/R5aGLAwZ4haZ92REOtWHH7gs0SLtCfNxw EP9A==
MIME-Version: 1.0
X-Received: by 10.180.95.162 with SMTP id dl2mr21994445wib.17.1389192799845; Wed, 08 Jan 2014 06:53:19 -0800 (PST)
Received: by 10.194.242.131 with HTTP; Wed, 8 Jan 2014 06:53:19 -0800 (PST)
In-Reply-To: <853B0E5F-E5AC-4CE0-BCBC-602828D4AEE7@viega.org>
References: <492D56BD-6F33-480D-877E-02D907C5F4AA@netapp.com> <CAGZ8ZG37MoEMaPwjJynCceGpjoPASXd5CC9AG1bzdm8ZFPpDtA@mail.gmail.com> <52CD4637.2070207@cisco.com> <20140108134213.GA26603@netbook.cypherspace.org> <853B0E5F-E5AC-4CE0-BCBC-602828D4AEE7@viega.org>
Date: Wed, 08 Jan 2014 06:53:19 -0800
Message-ID: <CACsn0cmtce4tWEm1NYJ41aauFL-wD3f7F1vMsv73Fao-earFxw@mail.gmail.com>
From: Watson Ladd <watsonbladd@gmail.com>
To: John Viega <john@viega.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Cc: Adam Back <adam@cypherspace.org>, "cfrg@irtf.org" <cfrg@irtf.org>, David McGrew <mcgrew@cisco.com>, "irtf-chair@irtf.org" <irtf-chair@irtf.org>, Trevor Perrin <trevp@trevp.net>, IAB IAB <iab@iab.org>
Subject: Re: [Cfrg] Response to the request to remove CFRG co-chair
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Wed, 08 Jan 2014 14:53:33 -0000
On Wed, Jan 8, 2014 at 6:37 AM, John Viega <john@viega.org> wrote: > I agree with David that competence doesn’t factor into it. > > Conflict of interest is an issue here. But again, even before recent NSA > revelations, there would often be participants with a conflict— good of the > participant’s company vs. good of the world. Even now, where NSA is part of > the threat model, we shouldn’t expect every actor with a conflict is going > to walk in with an NSA badge. The solution is tighter standards about our standards. The conflict of interest with IPR isn't as bad as not having candor about known weaknesses. We will need to talk about Certicom IPR at some point: I've seen many emails in which Certicom employees don't mention patents they have authorship on related to the ideas they are flogging, as well as some patent FUD related to Montgomery curves. But that's secondary to weak standards getting pushed through the process by chairs, even when the customer WG doesn't want it any more (TLS will not consider Dragonfly again). > > I don’t think conflict of interest is a good enough basis for removing a > chair. The IETF/IRTF needs to be able to design standards when many actors > have conflicts, and should be able to give confidence in what they produce. > > The most important thing from my perspective is making sure the IETF/IRTF > has the public trust. I think it’s possible to do this without removing > Kevin, especially if the IETF/IRTF can clearly communicate how it prevents > subversion. And as I've documented extensively, the CFRG process that was actually being followed did not prevent subversion. Kevin's misrepresentation of Dragonfly was harmless only because Rene Struik and others smelled a rat. Imagine if this was heading into a WG without any cryptographers, and they had taken Kevin's suggestion of exponentiation seriously. That could easily have happened. There need to be changes made to the process to harden it against this sort of thing: either following the process we have or designing new measures. > > That is, if the world cares enough. I suspect that very few people are > going to boycott IETF/IRTF-driven standards if no further action is taken. They already have: DJB doesn't send CurveCP to the IETF, he publishes it online. Safecurves is seeing large adoption outside the IETF framework. OpenSSH has pushed a bunch of new ciphers into production: I don't know how far ahead of the standard they are. IETF standardization needs to catch up here: people see a need for using non-NIST curves and ciphers (in some cases due to attacks based on implementation properties), and we aren't helping people with that need. We also haven't dealt with a lot of terrible, terrible issues in TLS validation code or lack thereof. Outside IETF projects exist for this, but I feel that an IETF imprimatur does matter especially to bodies like PCI DSS that don't have cryptographers of their own. What do we do instead? Rehash what the CRYPTO'13 rump session did much more elegantly [1]. It's easy to pontificate about how bad the NSA is, but when it comes to protecting the Internet, we've known for years what is required, and our job is to find the problems that exist with that goal, and fix them. [1] http://www.youtube.com/watch?v=cVUIk6nXVcw > > John > > > John Viega | cel +1 212-321-0902 > > On Jan 8, 2014, at 8:42 AM, Adam Back <adam@cypherspace.org> wrote: > > I support Trevor in raising the conflict of interest, its pretty egregious > and Kevin should in my view resign gracefully to end this mess. If hes > clean and works for IA as he says its a nice way out. If hes not and is > actually part of the sabotage side its still a quieter way out than being > pushed. It probably doesnt look as clean either way if he is pushed. If he > is not pushed it just creates bad impression of the impartiality of IRTF. > Sort of like the justice system closing ranks and supporting Hoover after > the scandal and him staying in office with immunity by analogy. I am not > sure of the game theory from NSA sabotage side, if they would prefer Kevin > (whether on their budget or not) to let the noise continue and be pushed or > skip the noise and resign, or noise continue, plus fail to push him and > continue with the resentment and reputation loss to IRTF. > > There is some validity in what David said below also. Some of Kevins stuff > looks suspicious to others also, its certainly not just Trevor, but of > course its not provable - the worst parts are either innocuously > ill-considered/sub-optimal suggestions, as with the next guy prone to human > failure (which is somewhat plausible) or designed to be unprovable. > $250m/year managed with military intent can achieve that you know, its not > hard. There are unclassified military intelligence double agent sabotge > manuals that Ian Grigg posts quotes from now and then that show the basic > ideas. Most of them still seem quite relevant. > > Anyway the point I wanted to draw from David's comment is we cant and wont > be able to prove it. BUT I think anyone is certainly within their right to > comment on things that look suspicious, or insecure. See I think for > comparison the RNG bias Bleichenbacher found in DSA RNG leading to key > recovery are fair game. As is Ferguson et al's comments about EC_DRBG. Or > Trevors about some of the decisions relating to Dragonfly. Or Prof > Bernstein's comments about Kevin's recent post here about certicom patents > pushing towards less secure curves (see the crypto list). > > Its called peer review. If anyone cant stand their thoughts and public > statements being peer reviewed, probably participating in IRTF/IETF or > uncensored internet discussion in general is not for them. As we have > pretty incontrovertible proof that NSA has been sabotaging standards, > unfortunately that opens up review of input to the standards influenced by > any NSA participants. Its ugly but we didnt create the problem, Kevin's > employer did. Sorry. > > So unfortunately it is probably relevant that apart from conflict of > interest, the public record is not suspicionless. Imagine NSA / NIST > communications about EC DRBG were public. There'd be a pretty clear public > interest to go over the history of it, see who was supporting it or aware of > it within NIST. Its really not that dissimilar. > > We may in the longer term have to review and even deprecate existing > standards as a result of this militarized sabotage of its own and global > civilian infrastructure. > > ps I support Trevor in rejecting Lars assertion that IRTF co-chair has no > influence. > > Adam > > (IETF participant since 1996). > > On Wed, Jan 08, 2014 at 07:36:07AM -0500, David McGrew wrote: > > Hi Trevor, > > I recognize and support your right to raise the question of a conflict of > interest between the NSA and CFRG. I am confident that the IRTF chair and > IAB will give it due consideration. > > However, I am concerned that your efforts to find evidence in the CFRG email > archive that support the idea that Kevin is incompetent are unwarranted and > counterproductive. While many people agree with you about the conflict of > interest, many disagree with you on the subject of competence. It is not > hard to go through the email archive and find examples where someone > misstated something, or did not explain something completely, but doing so > does not advance the security or privacy on the Internet, which is the goal > that you and I share for CFRG. That goal would best be served by focusing > the valuable time of the research group members (a scarce resource that we > need to manage well) on addressing technical issues. Therefore, I > respectfully ask that, in your request to the IAB, you focus on the key > issue of the conflict of interest. > > David > > On 01/06/2014 08:48 PM, Trevor Perrin wrote: > > Hi Lars, > > Thanks for considering this request. > > Of course, I'm disappointed with the response. > > -- > > I brought to your attention Kevin's record of technical mistakes and > mismanagement over a two year period, on the major issue he has > handled as CFRG co-chair. You counted this as a single "occurrence", > and considered only the narrow question whether it is "of a severity > that would warrant an immediate dismissal". > > I appreciate your desire to be fair to Kevin and give him the benefit > of the doubt. But it would be better to consider what's best for > CFRG. CFRG needs a competent and diligent chair who could lead review > of something like Dragonfly to a successful outcome, instead of the > debacle it has become. > > -- > > I also raised a conflict-of-interest concern regarding Kevin's NSA > employment. You considered this from the perspectives of: > (A) Kevin's ability to subvert the group's work, and > (B) the impact on RG participation. > > Regarding (A), you assessed that IRTF chairs "are little more than > group secretaries" who "do not wield more power over the content of > the ongoing work than other research group participants". > > That's a noble ideal, but in practice it's untrue. Chairs are > responsible for creating agendas, running meetings, deciding when and > how to call for consensus, interpreting the consensus, and liaising > with other parties. All this gives them a great deal of power in > steering a group's work. > > You also assessed that the IETF/IRTF's "open processes" are an > adequate safeguard against NSA subversion, even by a group chair. I'm > not sure of that. I worry about soft forms of sabotage like making > Internet crypto hard to implement securely, and hard to deploy widely; > or tipping groups towards dysfunction and ineffectiveness. Since > these are common failure modes for IETF/IRTF crypto activities, I'm > not convinced IETF/IRTF process would adequately detect this. > > > Regarding (B), you judged this a "tradeoff" between those who would > not participate in an NSA-chaired CFRG (like myself), and those > "affiliated with NSA" whom you presume we would "eliminate" from > participating. > > Of course, that's a bogeyman. No-one wants to prevent anyone else > from participating. > > But the chair role is not a right given to every participant, it's a > responsibility given to those we trust. The IETF/IRTF should not > support a chair for any activity X that has a strong interest in > sabotaging X. This isn't a "slippery slope", it's common sense. > > -- > > Finally, I think Kevin's NSA affiliation, and the recent revelations > of NSA sabotage of a crypto standard, raises issues you did not > consider. > > You did not consider the cloud of distrust which will hang over an > NSA-chaired CFRG, and over the ideas it endorses. > > You also did not consider that as the premier Internet standards > organization, the IETF/IRTF's actions here will make an unavoidable > statement regarding the acceptability of such sabotage. > > We have the opportunity to send a message that sabotaging crypto > standards is unacceptable and destroys public trust in those > organizations in a way that has real consequences. Or we send a > message that it's no big deal. > > This is a political consideration rather than a technical one, but it > needs to be considered. We're sending a message either way. > > -- > > I understand there's no formal appeal process, but these issues are of > great importance to the IRTF and IETF, and would benefit from the > perspective IAB possesses. > > I would appreciate if the IAB would consider reviewing this issue and > expressing its judgement. > > > Trevor > > > (a couple comments below) > > > On Sat, Jan 4, 2014 at 11:49 PM, Eggert, Lars <lars@netapp.com> wrote: > > Hi, > > on Dec 20, 2013, I received a request from Trevor Perrin in my role as IRTF > Chair to consider the removal of Kevin Igoe as one of the co-chairs of the > IRTF's Crypto Forum Research Group (CFRG). The request stated several > reasons for the removal: > > (1) That Kevin Igoe provided the only positive feedback on the "Dragonfly" > key exchange protocol. > > (2) That Kevin Igoe made technical suggestions that would have weakened the > cryptographic properties of "Dragonfly". > > (3) That Kevin Igoe misrepresented the CFRG opinion on "Dragonfly" to the > IETF's TLS working group. > > (4) That Kevin Igoe is employed by the NSA. > > I have reviewed the mailing list discussion, as well as the emails that were > sent privately. Thank you all for being candid in your feedback. > > David McGrew, the CFRG's other co-chair, has already posted a detailed > timeline of events on points 1-3 to the list and concluded that the research > group process has been followed imperfectly. I share this conclusion. > > Dragonfly discussions started in December 2011. David's timeline > begins in October 2012, skipping: > * The early critical feedback which Kevin ignored [1] > * Kevin's "nitpicking detail" which breaks the protocol's security [2] > * Kevin's cheerleading for a protocol whose use cases and > alternatives he made no effort to understand [3] > > [1] > http://www.ietf.org/mail-archive/web/cfrg/current/msg03046.html > http://www.ietf.org/mail-archive/web/cfrg/current/msg03052.html > http://www.ietf.org/proceedings/83/minutes/minutes-83-cfrg.txt > > [2] > http://www.ietf.org/mail-archive/web/cfrg/current/msg03047.html > > [3] > http://www.ietf.org/mail-archive/web/cfrg/current/msg03047.html > http://www.ietf.org/proceedings/84/minutes/minutes-84-tls > > > [...] > > So unlike the title "co-chair" might imply, and unlike in many other > organizations, IRTF co-chairs are little more than group secretaries. > > The chair is far more than a "group secretary". As RFC 2014 section 5.3 > states: > """ > The Research Group Chair is concerned with making forward progress in > the areas under investigation, and has wide discretion in the conduct > of Research Group business. [...] The Chair has ultimate responsibility > for ensuring that a Research Group achieves forward progress. > """ > _______________________________________________ > Cfrg mailing list > Cfrg@irtf.org > http://www.irtf.org/mailman/listinfo/cfrg > . > > > _______________________________________________ > Cfrg mailing list > Cfrg@irtf.org > http://www.irtf.org/mailman/listinfo/cfrg > > _______________________________________________ > Cfrg mailing list > Cfrg@irtf.org > http://www.irtf.org/mailman/listinfo/cfrg > > > > _______________________________________________ > Cfrg mailing list > Cfrg@irtf.org > http://www.irtf.org/mailman/listinfo/cfrg > -- "Those who would give up Essential Liberty to purchase a little Temporary Safety deserve neither Liberty nor Safety." -- Benjamin Franklin
- [Cfrg] Response to the request to remove CFRG co-… Eggert, Lars
- Re: [Cfrg] Response to the request to remove CFRG… Alyssa Rowan
- Re: [Cfrg] Response to the request to remove CFRG… Trevor Perrin
- Re: [Cfrg] Response to the request to remove CFRG… Adam Back
- Re: [Cfrg] Response to the request to remove CFRG… Greg Rose
- Re: [Cfrg] [IAB] Response to the request to remov… Trevor Perrin
- Re: [Cfrg] Response to the request to remove CFRG… David McGrew
- Re: [Cfrg] Response to the request to remove CFRG… Adam Back
- Re: [Cfrg] Response to the request to remove CFRG… John Viega
- Re: [Cfrg] Response to the request to remove CFRG… Watson Ladd
- Re: [Cfrg] Response to the request to remove CFRG… Adam Back
- Re: [Cfrg] Response to the request to remove CFRG… Stephen Farrell
- Re: [Cfrg] Response to the request to remove CFRG… Trevor Perrin
- Re: [Cfrg] Response to the request to remove CFRG… Stephen Farrell
- Re: [Cfrg] Response to the request to remove CFRG… Trevor Perrin
- Re: [Cfrg] Response to the request to remove CFRG… Stephen Farrell
- Re: [Cfrg] Response to the request to remove CFRG… Watson Ladd
- Re: [Cfrg] Response to the request to remove CFRG… Dan Harkins
- Re: [Cfrg] Response to the request to remove CFRG… Trevor Perrin
- Re: [Cfrg] Response to the request to remove CFRG… Stephen Farrell
- Re: [Cfrg] [IAB] Response to the request to remov… Trevor Perrin