Re: [Cfrg] Requesting removal of CFRG co-chair

David McGrew <> Thu, 26 December 2013 17:42 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 9A73C1AE254 for <>; Thu, 26 Dec 2013 09:42:14 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -12.339
X-Spam-Status: No, score=-12.339 tagged_above=-999 required=5 tests=[BAYES_50=0.8, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.538, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id L9u8B3orkxoP for <>; Thu, 26 Dec 2013 09:42:12 -0800 (PST)
Received: from ( []) by (Postfix) with ESMTP id D8F5C1A1F05 for <>; Thu, 26 Dec 2013 09:42:12 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;;; l=2734; q=dns/txt; s=iport; t=1388079728; x=1389289328; h=message-id:date:from:mime-version:to:cc:subject: references:in-reply-to:content-transfer-encoding; bh=u4B3v+szQ9y782rWZ9+zUn341haODT9OLruq74tZq2g=; b=eP1lCNFbdDnqykV2YRUNbIzk8Rim4MDC0BBc+iay4U8rZvafJRSpDWNk 8pSsECzgMjJtWuWXffYpx0bqENEyhAuZ3y6eH+MGxM3bkI9h0024s3WpE JgL+oQUIwP3LbvqcjA+ofgN/lb5meAI87NrCqE0KQvOsitLRyLA4zescM g=;
X-IronPort-AV: E=Sophos;i="4.95,555,1384300800"; d="scan'208";a="98265536"
Received: from ([]) by with ESMTP; 26 Dec 2013 17:42:08 +0000
Received: from [] ( []) by (8.14.5/8.14.5) with ESMTP id rBQHg78W028480; Thu, 26 Dec 2013 17:42:07 GMT
Message-ID: <>
Date: Thu, 26 Dec 2013 12:42:07 -0500
From: David McGrew <>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130922 Icedove/17.0.9
MIME-Version: 1.0
To: Tao Effect <>
References: <> <> <> <> <> <> <> <> <>
In-Reply-To: <>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Cc: Trevor Perrin <>, "" <>, Brian Weis <>
Subject: Re: [Cfrg] Requesting removal of CFRG co-chair
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 26 Dec 2013 17:42:14 -0000

Hi Greg,

Ive trimmed the email to just the point that I can address best:

On 12/24/2013 07:04 PM, Tao Effect wrote:
> On Dec 24, 2013, at 5:13 PM, Dan Harkins <> wrote:
>>   I'm saying that the complaints today of
>> people who were not involved in the CFRG at that time and who still
>> do not understand the process involved ring particularly hollow.
> OK, then explain why no opportunity was given to raise objections (at that time).
> Is that just how the CFRG operates? The chair (or co-chair) picks the person they want to co-chair and the rest of the community has no say in it?

I described the process by which CFRG has come by the particular 
co-chairs in a recent email to Trevor.   Let me repeat that to make sure 
that your questions get answered, and provide a bit more detail.

Ran Canetti and I formed CFRG by following the process described in RFC 

                                  Anyone interested in creating an
    IRTF Research Group must submit a charter for the proposed group to
    the IRTF Chair along with a list of proposed founding members. The
    charter will be reviewed by the IRSG and then forwarded to the IAB
    for approval.  If approved, the charter is placed on the IRTF Web 
site, and
    published in the Internet Monthly Report (IMR).

When Ran stepped down, I sought a co-chair.   Strictly speaking, there 
does not need to be a co-chair.   It is sufficient for IRTF purposes to 
have a single chair.   In practice, it is better to have two chairs.   
This is especially true when the RG chair also authors RG documents; 
having a second chair enables us to avoid having a potential conflict of 
interest.   There was not a public call for a co-chair to replace Ran; 
this is not unusual for an IRTF Research Group.   I did have private 
discussions with a bunch of potential co-chair candidates at the time, 
who were people that were active in CFRG and in IETF security area at 
that time.  Lars Eggert, who chairs the entire IRTF, was also involved 
in these discussions and was quite helpful.   I asked the RG to affirm 
Kevin in the role of co-chair.  I cannot recall anyone expressing any 
reservations about Kevin at the time, either publicly or privately.

The Research Group needs to have chairs that it trusts, and who are 
trusted by the broader IETF and Internet communities that they work 
with.  People who have worked with Kevin trust him, but there is 
widespread mistrust of NSA in those broader communities.   The IRTF 
policies have not anticipated this situation.   Please bear with the 
IRTF leadership team for a little bit; the holiday week in the U.S. has 
slowed us down.