Re: [Cfrg] [secdir] Time to recharter CFRG as a working group? Was: Re: ISE seeks help with some crypto drafts

Melinda Shore <> Mon, 18 March 2019 06:53 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 37410124B16 for <>; Sun, 17 Mar 2019 23:53:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id jamlaN6Akkvr for <>; Sun, 17 Mar 2019 23:53:31 -0700 (PDT)
Received: from ( [IPv6:2607:f8b0:4864:20::542]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 341B91310E5 for <>; Sun, 17 Mar 2019 23:53:31 -0700 (PDT)
Received: by with SMTP id v1so6020963pgi.5 for <>; Sun, 17 Mar 2019 23:53:31 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=subject:to:cc:references:from:message-id:date:user-agent :mime-version:in-reply-to:content-language:content-transfer-encoding; bh=ISfMpLHNUosTlRXkcWWPqsq2YaNh1qQh65WrC6Vgo14=; b=bdbDEPLTWkIaaNfwATg7Bo6jufgaZBFYsjzw6pXZ1PkbpargZn8vysQZdUPfYFjGuy c8DmyM9IpHeJdWtn1SjdsMvEK8gVba3fpBKeAKxEyj9LKkWiIst5uW+u1v6ywQymcgzZ JHQIXxQcUbXaAX2QfhQV60Cnq0MZk+s2/ujjyieW7Z6BxCxXgDV+qLvau0BY7JPEzboP G1tOf1ifqeai4F56Y90zWxLf8kPHRncdWGeccPrLLzbzc81qjrhKBVwQ6zZjZpIS9D/M IN+u6IKTSJQNtIN5TnQDNymR/WZqQxun6NbAy3qBxuiwVNIgYjJLklY3hQEkHGwEybT6 404g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=ISfMpLHNUosTlRXkcWWPqsq2YaNh1qQh65WrC6Vgo14=; b=kp3kcdcfx5cxgmYjNZ1JOjrDEN2koAHSMMy1ZRP4YIGIFoLlJODDGAI+GR4WdPG98P rDemBCH+QyZZIWoSQocBtro/tCTtECGDOL/V31RbcQWL7hMNQZmIPpY4hr2vHhvms/bu +viQVe13X8N13h5Ag2UjZIV44Vnjy06VAo31Q9+kAS4WnZOWZwPIIEA7DDHMwlp9er4D cnd7buPGN8qJYDf+8J6OT/GF6+gwujCqzjiHTROgJCG9/MfWrG9deav1B+IdF7+bt3aP RPwbJilkSo9Q+/EYNZivb5tsmVlEOhiTmBDp2BQWwE2fPfi0VL9vDfbt0b81OBrqJw0x twkA==
X-Gm-Message-State: APjAAAXpzPODRA+ZO1wPGIerokdfFh2XPvj+qdQzCD37u9AzAkzCmWub Ck79iA+Yo/ZKec5UqfV9398=
X-Google-Smtp-Source: APXvYqxLqBLFj1vKgmaxZYgEwz1QqJ/XKDRaAGotd3gLOM1gUMjcal4AT0hDrBldByPPRuP2KQmHYA==
X-Received: by 2002:a65:47cb:: with SMTP id f11mr16354086pgs.18.1552892010612; Sun, 17 Mar 2019 23:53:30 -0700 (PDT)
Received: from aspen.local ([]) by with ESMTPSA id i72sm18795142pfj.147.2019. (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sun, 17 Mar 2019 23:53:30 -0700 (PDT)
To: Peter Gutmann <>, denis bider <>
Cc: Uri Blumenthal <>, CFRG <>, "RFC ISE (Adrian Farrel)" <>, secdir <>
References: <> <> <> <> <> <> <> <> <> <> <> <> <> <> <> <> <>
From: Melinda Shore <>
Message-ID: <>
Date: Sun, 17 Mar 2019 22:53:28 -0800
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:60.0) Gecko/20100101 Thunderbird/60.5.3
MIME-Version: 1.0
In-Reply-To: <>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Archived-At: <>
Subject: Re: [Cfrg] [secdir] Time to recharter CFRG as a working group? Was: Re: ISE seeks help with some crypto drafts
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Crypto Forum Research Group <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 18 Mar 2019 06:53:33 -0000

On 3/17/19 10:23 PM, Peter Gutmann wrote:
> +1.  Mind you given the hassle in setting up a WG for it and getting things
> through the IETF, it might be easier to just set up a Github repository for
> documentation on what does what and how and rely on Google to point people to
> it.

I think this may be closer to the core issue ("the hassle in
setting up a WG").  Moving something from the IRTF to the IETF
is likely to slow down the publication process, frankly.  IRTF
RFCs do require review by the IRSG and the IESG but they are
not IETF consensus documents (see RFC 5743 for details on the
IRTF document stream process).  Second, note that CFRG does not
typically work on protocols, per se, and when it does it's
limited to things like specific key exchange mechanisms rather
than all-the-things-missing-from-pgp.

I agree there's a broader problem here but I don't see how it
would be addressed by moving CFRG, which doesn't work on most of
the problem areas mentioned, anyway, to a body with weightier
process requirements and slower processes.

I'll note that we haven't seen that many drafts addressing these
proposed ssh extensions and given that we're a document-driven
organization that also makes progress difficult.  I'm personally
very interested in lowering barriers to contribution.  That's
a tough one to address because tautology, but seems related to
your concerns.


Melinda Shore

Software longa, hardware brevis