IETF Logo Mail Archive

Re: [Cfrg] how can CFRG improve cryptography in the Internet?

David McGrew <mcgrew@cisco.com> Mon, 17 February 2014 22:51 UTC

Return-Path: <mcgrew@cisco.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 40BB31A04ED for <cfrg@ietfa.amsl.com>; Mon, 17 Feb 2014 14:51:49 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.049
X-Spam-Level:
X-Spam-Status: No, score=-10.049 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RP_MATCHES_RCVD=-0.548, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id B6vMCP3nOfN4 for <cfrg@ietfa.amsl.com>; Mon, 17 Feb 2014 14:51:46 -0800 (PST)
Received: from alln-iport-1.cisco.com (alln-iport-1.cisco.com [173.37.142.88]) by ietfa.amsl.com (Postfix) with ESMTP id 794041A0422 for <cfrg@irtf.org>; Mon, 17 Feb 2014 14:51:46 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=2036; q=dns/txt; s=iport; t=1392677504; x=1393887104; h=message-id:date:from:mime-version:to:cc:subject: references:in-reply-to:content-transfer-encoding; bh=2mXohVp6Bd3H0oI7lT/6u8CJFeCXdy5tBJjMV1qJ1UY=; b=MVItpJohG83T7fjoYoCr6fiSFB54YODY/3WxX7qWhemUICkj6sc0aSCH Faee1yh7r9BvaNBVw5PgUqLgK/Hb0xWshnK9S/+A2g9xjY3KqY6UdjgS8 I5unw4Dwi3t1CkhY8eJ+uQEhZMCBnusaOJ0TNnQvd2KEacSvQhFn8y3dZ Y=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AhoFANKRAlOtJXG//2dsb2JhbABZgwa9T4MKgR4WdIIlAQEBBDg6BgEQCxgJFg8JAwIBAgFFBg0BBwIQh3HKSBePAQeEOAEDiUiKOYQrhkeLXINLHg
X-IronPort-AV: E=Sophos;i="4.95,863,1384300800"; d="scan'208";a="21113378"
Received: from rcdn-core2-4.cisco.com ([173.37.113.191]) by alln-iport-1.cisco.com with ESMTP; 17 Feb 2014 22:51:41 +0000
Received: from [10.0.2.15] (rtp-mcgrew-8914.cisco.com [10.117.10.229]) by rcdn-core2-4.cisco.com (8.14.5/8.14.5) with ESMTP id s1HMpcRi027913; Mon, 17 Feb 2014 22:51:39 GMT
Message-ID: <5302927B.4030009@cisco.com>
Date: Mon, 17 Feb 2014 17:51:39 -0500
From: David McGrew <mcgrew@cisco.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130922 Icedove/17.0.9
MIME-Version: 1.0
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>
References: <CACsn0ckOL8xdp5z7DdB9wyHhFpax0DhVXjsUMuGj39HgKk4YBA@mail.gmail.com> <52f50c59.aa1b8c0a.77c0.4985SMTPIN_ADDED_MISSING@mx.google.com> <CACsn0cnYkDwyAdwdf0+-JtksWu4NhKPr3L2emG2b3kFDe5v6hg@mail.gmail.com> <52F52E2D.8090104@cisco.com> <52F55236.1070800@gmx.net> <52F925FD.4030204@cisco.com> <52FBAA96.8090802@gmx.net>
In-Reply-To: <52FBAA96.8090802@gmx.net>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: http://mailarchive.ietf.org/arch/msg/cfrg/bKyNK9ANKN9K-ZiSlQbiRea1bF4
Cc: "cfrg@irtf.org" <cfrg@irtf.org>, "nmav@gnutls.org" <nmav@gnutls.org>
Subject: Re: [Cfrg] how can CFRG improve cryptography in the Internet?
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Mon, 17 Feb 2014 22:51:49 -0000

Hi Hannes,

On 02/12/2014 12:08 PM, Hannes Tschofenig wrote:
> Hi David,
>
> I believe it is important to move beyond writing specifications to
> improving implementations and deployments. I think we both agree. I have
> been arguing for this for a while now and got pretty much no positive
> feedback. I also tried to convince the IAB that this would be somewhat
> important and completely failed. The response I got was: "This would
> require a completely different skill set." and "ISOC should do it."
>
> I don't have a good story for how to do that even at the level of
> individual work groups. I tried this in the OAuth working group and
> couldn't really find a way how to reach out to the large number of guys
> implementing OAuth libraries let alone those who deploy them.
>
> The CFRG might, unfortunately, not be the right group either. To me it
> seems that the folks in this group are focused on crypto (as the name of
> the group indicates). What we need is guys who understand the broader
> Internet ecosystem and know how to improve security libraries and to
> reach out to the wider Internet (security) community. One does not need
> to start from scratch since some of these communities exist but they
> often have no connection to the IETF or the relationship is very weak.
> As such, you often find a misalignment between the IETF security
> community and various other groups.

I think I know what you mean.   My own thinking in this space is that it 
would be healthy to develop stronger connections with the open source 
community.   For instance, if CFRG were to recommend a particular crypto 
mechanism, and then it turns out that the linux community rejects that 
mechanism (due to patents, performance, code size, complexity, API 
incompatibility, whatever), then there is probably something that we 
need to learn.   Better connections with the open source world could 
address some of that misalignment you mention, I think, though of course 
it is no panacea.

David

v2.23.0 | Report a Bug | By Email