Re: [Cfrg] Time to recharter CFRG as a working group? Was: Re: [secdir] ISE seeks help with some crypto drafts

Tony Arcieri <bascule@gmail.com> Sun, 10 March 2019 23:20 UTC

To: "StJohns, Michael" <msj@nthpermutation.com>
Cc: Stephen Farrell <stephen.farrell@cs.tcd.ie>, CFRG <cfrg@irtf.org>, "RFC ISE (Adrian Farrel)" <rfc-ise@rfc-editor.org>, secdir <secdir@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/_Awr_pfzd1-ga6y961sO5ncMa2s>

On Sun, Mar 10, 2019 at 3:46 PM StJohns, Michael <msj@nthpermutation.com> wrote:

> In recent years, the CFRG has produced documents that are for lack of a
> better phrase de facto standards.  The rate of document production of the
> CFRG mimics more closely that of a WG than the other extant RGs AFAICT.
> As an RG the CFRG isn’t permitted to publish standards track documents, nor
> is the IESG or the ISE permitted or constrained to require a conflict
> review on the documents the CFRG does produce.  [the latter comment is my
> understanding of the rules of the research stream - it may be flawed, but
> the purpose of RGs is supposed to be looking at futures and that by
> definition shouldn’t be conflicting with the nows].
>

An interesting datapoint on this is that Dragonfly key exchange, published as
RFC 7664, has now been incorporated into the Wifi Alliance's WPA3 standard:

https://sarwiki.informatik.hu-berlin.de/WPA3_Dragonfly_Handshake

I will preface the following statement by saying that my criticisms of
Dragonfly on the CFRG list at the time were misinformed and due to a lack
of understanding, and would now call it "okay" (and many of my concerns
were assuaged after it received a security proof). However, I think it's
fair to say that as a non-standards document, it has something of a sordid
history:

https://arstechnica.com/information-technology/2013/12/critics-nsa-agent-co-chairing-key-crypto-standards-body-should-be-removed/

I think if there were a WG chartered specifically with a standards-track
document for what the next generation key exchange to be used for use cases
similar to and including, but not limited to WiFi were, my best guess is we
could've done better than Dragonfly. I'm not sure why the Wifi Alliance
chose it specifically, but it seems the CFRG was treated at least in part
as a bar the algorithm must pass for incorporation into their standards,
and for a standard of such importance I guess what I'm saying is I wish
that bar were higher.

-- 
Tony Arcieri