Re: [Cfrg] how can CFRG improve cryptography in the Internet?
Rene Struik <rstruik.ext@gmail.com> Thu, 13 February 2014 18:21 UTC
Return-Path: <rstruik.ext@gmail.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 513041A03DB for <cfrg@ietfa.amsl.com>; Thu, 13 Feb 2014 10:21:20 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id g7ZOaKOvHcQd for <cfrg@ietfa.amsl.com>; Thu, 13 Feb 2014 10:21:16 -0800 (PST)
Received: from mail-ob0-x22e.google.com (mail-ob0-x22e.google.com [IPv6:2607:f8b0:4003:c01::22e]) by ietfa.amsl.com (Postfix) with ESMTP id 9CC4F1A0376 for <cfrg@irtf.org>; Thu, 13 Feb 2014 10:21:16 -0800 (PST)
Received: by mail-ob0-f174.google.com with SMTP id uy5so12587235obc.19 for <cfrg@irtf.org>; Thu, 13 Feb 2014 10:21:15 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:content-type:content-transfer-encoding; bh=8fKi8tfi+MrmgGdJxkb40LO48G6xporVh/pWIvJII1o=; b=IzRUBQoYxcVR5p5mbAN1EcimjTJMp5ZdvkWiUKAn5gEvM15PVv+Dit5wniC/YkIMZF SZ9iKns4yMpOdZG7TdUn8c1RdPzZOSd3vxLbA5thUSXP+kjhGZ1P7j8BUo7EFghb1thE 32QqA3aHsHblTsF84GHcMiH2kBZLszxpGsGkiG1hFyxGWqG4DMMuYYM06YNDsuGwkKWy AajtHQ5FLVcTXPupVr42FNFpus8wC+wLgv4EQJRIgDBQ/3DkivzJITrBYPyktkTjeXpq a/ei0eS6bOIqUklzb1Vo7TAJnJ1NyGll8X/8A+zwRjTj5peDM+BXGZXYJ0J7Gxw7YMEs QW9A==
X-Received: by 10.60.246.164 with SMTP id xx4mr2418103oec.25.1392315675289; Thu, 13 Feb 2014 10:21:15 -0800 (PST)
Received: from [192.168.1.104] (CPE0013100e2c51-CM001cea35caa6.cpe.net.cable.rogers.com. [99.231.3.110]) by mx.google.com with ESMTPSA id qe2sm7783623obc.1.2014.02.13.10.21.12 for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Thu, 13 Feb 2014 10:21:14 -0800 (PST)
Message-ID: <52FD0D0C.4030805@gmail.com>
Date: Thu, 13 Feb 2014 13:21:00 -0500
From: Rene Struik <rstruik.ext@gmail.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.3.0
MIME-Version: 1.0
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>, David McGrew <mcgrew@cisco.com>
References: <CACsn0ckOL8xdp5z7DdB9wyHhFpax0DhVXjsUMuGj39HgKk4YBA@mail.gmail.com> <52f50c59.aa1b8c0a.77c0.4985SMTPIN_ADDED_MISSING@mx.google.com> <CACsn0cnYkDwyAdwdf0+-JtksWu4NhKPr3L2emG2b3kFDe5v6hg@mail.gmail.com> <52F52E2D.8090104@cisco.com> <52F55236.1070800@gmx.net> <52F925FD.4030204@cisco.com> <52F930F0.9090700@gmail.com> <52FBAB29.7050102@gmx.net>
In-Reply-To: <52FBAB29.7050102@gmx.net>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: http://mailarchive.ietf.org/arch/msg/cfrg/h_UHe6d3xamqADSJU0J3OMJiYws
Cc: "cfrg@irtf.org" <cfrg@irtf.org>
Subject: Re: [Cfrg] how can CFRG improve cryptography in the Internet?
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Thu, 13 Feb 2014 18:21:20 -0000
To me, this seems to be an entirely new perspective on what it means to be an engineer or scientist :(((. == So, why would you care when things are going fine anyway? On 2/12/2014 12:11 PM, Hannes Tschofenig wrote: > Hi Rene, > > my impression was that until recently many IETF participants just > trusted NIST to do the right thing. So, why would you care when things > are going fine anyway? > > During the last few months that impression might have changed a bit and > there might be more energy to improve transparency and to explore new > directions. > > Ciao > Hannes > > On 02/10/2014 08:05 PM, Rene Struik wrote: >> Hi Hannes: >> >> Historically, not that many CFRG/IETF people seem to have participated >> in solicitations for public review of NIST draft publications. I wonder, >> therefore, what makes you feel this would change dramatically, should >> CFRG/IETF take on an effort as complement or partially duplicated effort >> of what NIST has already done. >> >> Note - data suggests this has been pretty consistent over time, both for >> the last solicited draft crypto recommendation review and for those in >> the last few years. >> >> Best regards, Rene >> >> == >> [excerpt of email Hannes Tschofenig, February 7,2014, 4:37pm EST] >> >> b) I do, however, believe that the CFRG could play an interesting role. >> I am curious whether it would be possible to move some of the tasks that >> are currently done in NIST to the IRTF, namely the cryptographic >> algorithm selections. I know that this is a job that is today not done >> by the IETF/IRTF but I believe it could be done since the ingredients are: >> * open and transparent process for publishing, commenting, and selecting >> an algorithm >> * a suitable way for publishing these documents. >> >> On 2/10/2014 2:18 PM, David McGrew wrote: >>> HI Hannes, >>> >>> On 02/07/2014 04:37 PM, Hannes Tschofenig wrote: >>>> Hi David, >>>> >>>> good discussion points. >>>> >>>> Here are my views: >>>> >>>> a) If we look at the problems at the entire Internet software lifecycle, >>>> as I did in >>>> http://tools.ietf.org/html/draft-tschofenig-perpass-surveillance-01, >>>> then I believe it is fair to say that the problems at the level of >>>> cryptographic primitives are the least challenging issues with Internet >>>> security. That's good news. >>> thanks for chiming in, I think you are right regarding primitives; let >>> me note that weak protocols and insecure deployment practices are >>> perfectly in scope for CFRG as well as primitives. But the other >>> major category of weakness, widespread exploitable vulnerabilities in >>> software implementations, is one that is hugely important, and which >>> is out of scope for CFRG. The problem of exploitable vulnerabilities >>> doesn't get the air-time that it deserves, relative to the other >>> issues. An exploit could force its victim to do all sorts of bad >>> cryptographic practices, such as leak a key in an IV, or use a fixed >>> or low-entropy key. >>> >>>> The problems you mentioned with RADIUS have little to do with work that >>>> would be done in the CFRG. RADIUS, similarly to Diameter, does not offer >>>> end-to-end security and that's something that could be fixed in the IETF >>>> (and there is work ongoing in the DIME working group for Diameter at >>>> least). The main challenge, however, is the attitude problem of those >>>> deploying the protocol. >>> I agree about the attitude, but I don't agree that CFRG couldn't >>> help. Surely we don't need new crypto mechanisms to solve the >>> problems with RADIUS, but analyzing and documenting security issues >>> and helping to socialize them with the IETF and the user base are all >>> in charter and are worth doing. >>> >>>> b) I do, however, believe that the CFRG could play an interesting role. >>>> I am curious whether it would be possible to move some of the tasks that >>>> are currently done in NIST to the IRTF, namely the cryptographic >>>> algorithm selections. I know that this is a job that is today not done >>>> by the IETF/IRTF but I believe it could be done since the ingredients >>>> are: >>>> * open and transparent process for publishing, commenting, and selecting >>>> an algorithm >>>> * a suitable way for publishing these documents. >>>> >>>> Doing this work in a global standards organization also gives it more >>>> credibility. I am also confident that the IETF/IRTF community could >>>> reach out to researchers working on hash algorithms, encryption >>>> algorithms, etc. >>>> >>>> Just a thought... >>> Agree that IETF is and should be willing to act as an international >>> standards body for crypto, and that CFRG could support that process. >>> We need to be careful not to over-commit in this area, but if the IETF >>> wanted CFRG to vet some crypto standards options, we should be able to >>> do that. >>> >>> David >>> >>>> Ciao >>>> Hannes >>>> >>>> >>>> On 02/07/2014 07:04 PM, David McGrew wrote: >>>>> Hi All, >>>>> >>>>> it is healthy to have a discussion on what CFRG and IETF can do >>>>> differently to improve security and privacy in the Internet. >>>>> >>>>> Ultimately, we are not limited by the current CFRG charter, but rather >>>>> by our collective willingness to do the work that needs to be done, and >>>>> I suppose on our ability to develop enough rough consensus about what >>>>> needs to be done. We do have a charter that we need to stick to at >>>>> present, but we can do more within that charter, and we can consider >>>>> changes to the charter if we think those are needed. (Though note >>>>> that >>>>> we would need to get those changes approved.) >>>>> >>>>> An approach that might work for us is to develop replacement mechanisms >>>>> for the ones in current use that we think need to be replaced, keeping >>>>> in mind that the actual replacement might take ten years or so, or >>>>> might >>>>> never happen. At the same time, we can document the problems with >>>>> existing mechanisms, to help provide a motivation for that replacement. >>>>> >>>>> It is worthwhile to keep in mind the interoperability problems that can >>>>> be caused by changes in cryptography, and the inertia created by all of >>>>> those millions of crypto implementations that are currently in >>>>> use. We >>>>> can't expect new crypto to appear in a five year old piece of software >>>>> that is no longer supported by its creator, for instance, and that will >>>>> slow down adoption of newer crypto, no matter how much better it is. >>>>> As a practical matter, we also need to realize that many users of >>>>> cryptography believe that there is no economic justification for >>>>> deploying new crypto until breaking the old crypto scheme is so easy >>>>> that a script kiddie can do it with a backtrack CD-ROM. The burden is >>>>> on us to provide this justification. >>>>> >>>>> At the same time, I share the frustration that too much bad >>>>> cryptography >>>>> is in use, which should have been replaced long ago. The fact that it >>>>> might take years to replace is no excuse not to start the process now. >>>>> I'm thinking of RADIUS and other protocols that are used with >>>>> human-generated passwords (and are not PAKE systems) in >>>>> particular. It >>>>> would be *great* to have CFRG document what protocols are bad, and how >>>>> bad they are, in a way that we could demonstrate expert consensus on >>>>> our >>>>> opinions. If we did a decent job, I bet we could get a slot in front of >>>>> the IESG or some other responsible IETF group. I am confident >>>>> that, if >>>>> we can offer IETF good information about the security of current >>>>> standards, they will find a way to propagate and use that information. >>>>> >>>>> An aside: a history of crypto protocols at IETF might provide some >>>>> useful perspective; maybe a couple of people who were involved would be >>>>> willing to write up something? It might be useful to focus on one >>>>> case study where things were done wrong, and one where things were done >>>>> right. >>>>> >>>>> David >>>>> >>>>> On 02/07/2014 12:10 PM, Watson Ladd wrote: >>>>>> On Fri, Feb 7, 2014 at 8:39 AM, Blumenthal, Uri - 0558 - MITLL >>>>>> <uri@ll.mit.edu> wrote: >>>>>>> Don Johnson, for one. Carl Meyer. (Yes, those guys who invented >>>>>>> Lucifer and DES ciphers.) >>>>>>> >>>>>>> You keep forgetting (or simply aren't old enough to be aware?) of how >>>>>>> things were done back when the "Cryptography: The New Dimension" book >>>>>>> was published. >>>>>>> >>>>>>> The standard was "MAC, then Encrypt", and it had reasons for doing >>>>>>> things in that order. In fact, SNMP was the first IETF protocol >>>>>>> (circa 1992-1994) to diverge from that approach, and it took some >>>>>>> flak for not doing what was the conventional wisdom of that day. >>>>>> Was that flack informed? Or was it coming from people who didn't >>>>>> really understand the mathematics behind crypto? Were those reasons >>>>>> informed? Just because everyone was making the same mistakes doesn't >>>>>> make those mistakes less serious. Even if we make Bellare-Nampare the >>>>>> point at which no one should have done MAC then Encrypt, that was 13 >>>>>> years ago. Bard explained BEAST 9 years before the demonstration. >>>>>> >>>>>> The best you can say is that the TLS WG was woefully slow in >>>>>> responding to the changing situation. >>>>>> >>>>>>> Since then the priorities and the attacks changed, and now >>>>>>> "Encrypt-then-MAC" is the standard. >>>>>>> >>>>>>> Watson, I'd like to join other suggesting that you become less >>>>>>> combative here. I'm not a "peacenik" myself, but any patience has a >>>>>>> limit. >>>>>> What should the CFRG and the IETF do more broadly to ensure that >>>>>> blunders as serious as the ones above don't happen again? What has the >>>>>> CFRG done to ensure that other 90's era protocols have these problems >>>>>> addressed, particularly when the WGs responsible have disbanded? >>>>>> Should we simply let sleeping dogs lie, and work on ensuring that new >>>>>> protocols don't make similar mistakes? >>>>>> I'm here to fix the problems: explain what I need to do to fix them, >>>>>> and I'll do it. >>>>>> >>>>>> Sincerely, >>>>>> Watson >>>>>>> -- >>>>>>> Regards, >>>>>>> Uri Blumenthal Voice: (781) 981-1638 >>>>>>> Cyber Systems and Technology Fax: (781) 981-0186 >>>>>>> MIT Lincoln Laboratory Cell: (339) 223-5363 >>>>>>> 244 Wood Street Email: <uri@ll.mit.edu> >>>>>>> Lexington, MA 02420-9185 >>>>>>> >>>>>>> Web: http://www.ll.mit.edu/CST/ >>>>>>> >>>>>>> >>>>>>> >>>>>>> MIT LL Root CA: >>>>>>> >>>>>>> <https://www.ll.mit.edu/labcertificateauthority.html> >>>>>>> >>>>>>> >>>>>>> DSN: 478-5980 ask Lincoln ext.1638 >>>>>>> >>>>>>> ----- Original Message ----- >>>>>>> From: Watson Ladd [mailto:watsonbladd@gmail.com] >>>>>>> Sent: Friday, February 07, 2014 11:28 AM >>>>>>> To: Nikos Mavrogiannopoulos <nmav@gnutls.org> >>>>>>> Cc: cfrg@irtf.org <cfrg@irtf.org> >>>>>>> Subject: Re: [Cfrg] NSA sabotaging crypto standards >>>>>>> >>>>>>> On Fri, Feb 7, 2014 at 8:11 AM, Nikos Mavrogiannopoulos >>>>>>> <nmav@gnutls.org> wrote: >>>>>>>> On 02/07/2014 04:59 PM, Watson Ladd wrote: >>>>>>>> >>>>>>>>> But let's go into detail about how well the cryptographers did >>>>>>>>> in TLS. >>>>>>>>> In 1995 Phil Rogaway tells everyone to use encrypt-then-MAC. >>>>>>>> I believe you are oversimplifying things. Indeed Rogaway suggested >>>>>>>> encrypt-then-MAC, but other cryptographers were suggesting >>>>>>>> MAC-then-Encrypt (authenticate what is meant not what is sent). >>>>>>>> There >>>>>>>> was also no attack known for MAC-then-encrypt. >>>>>>> Show me one cryptographer who recommended MAC-then-Encrypt. >>>>>>> Also, absence of known attacks is not the same as absence of attacks. >>>>>>> Encrypt-then-MAC was the conservative choice. >>>>>>> >>>>>>>> In general it is very easy to see the obvious solution 20 years >>>>>>>> later, >>>>>>>> but the challenge is to properly decide at the right time. >>>>>>> It was obvious then: encrypt-then-MAC was known secure, while >>>>>>> MAC-then-encrypt was not. >>>>>>> Any excuse vanishes with Bellare-Nampare (2000). Of course, even >>>>>>> if we >>>>>>> take the best interpretation, the TLS WG frittered away 9 years after >>>>>>> being informed of an attack. >>>>>>> >>>>>>> Sincerely, >>>>>>> Watson Ladd >>>>>>>> regards, >>>>>>>> Nikos >>>>>>>> >>>>>>>> _______________________________________________ >>>>>>>> Cfrg mailing list >>>>>>>> Cfrg@irtf.org >>>>>>>> http://www.irtf.org/mailman/listinfo/cfrg >>>>>>> -- >>>>>>> "Those who would give up Essential Liberty to purchase a little >>>>>>> Temporary Safety deserve neither Liberty nor Safety." >>>>>>> -- Benjamin Franklin >>>>>>> _______________________________________________ >>>>>>> Cfrg mailing list >>>>>>> Cfrg@irtf.org >>>>>>> http://www.irtf.org/mailman/listinfo/cfrg >>>>> _______________________________________________ >>>>> Cfrg mailing list >>>>> Cfrg@irtf.org >>>>> http://www.irtf.org/mailman/listinfo/cfrg >>> _______________________________________________ >>> Cfrg mailing list >>> Cfrg@irtf.org >>> http://www.irtf.org/mailman/listinfo/cfrg >> -- email: rstruik.ext@gmail.com | Skype: rstruik cell: +1 (647) 867-5658 | US: +1 (415) 690-7363
- [Cfrg] I-D Action: draft-irtf-cfrg-dragonfly-03.t… internet-drafts
- Re: [Cfrg] I-D Action: draft-irtf-cfrg-dragonfly-… Dan Harkins
- Re: [Cfrg] I-D Action: draft-irtf-cfrg-dragonfly-… Watson Ladd
- Re: [Cfrg] I-D Action: draft-irtf-cfrg-dragonfly-… David McGrew
- Re: [Cfrg] I-D Action: draft-irtf-cfrg-dragonfly-… Watson Ladd
- Re: [Cfrg] I-D Action: draft-irtf-cfrg-dragonfly-… David McGrew
- Re: [Cfrg] I-D Action: draft-irtf-cfrg-dragonfly-… Dan Harkins
- Re: [Cfrg] I-D Action: draft-irtf-cfrg-dragonfly-… Paul Lambert
- Re: [Cfrg] I-D Action: draft-irtf-cfrg-dragonfly-… Watson Ladd
- Re: [Cfrg] I-D Action: draft-irtf-cfrg-dragonfly-… Dan Harkins
- Re: [Cfrg] I-D Action: draft-irtf-cfrg-dragonfly-… Yoav Nir
- Re: [Cfrg] I-D Action: draft-irtf-cfrg-dragonfly-… Watson Ladd
- Re: [Cfrg] I-D Action: draft-irtf-cfrg-dragonfly-… Mike Hamburg
- Re: [Cfrg] I-D Action: draft-irtf-cfrg-dragonfly-… Dan Harkins
- Re: [Cfrg] I-D Action: draft-irtf-cfrg-dragonfly-… Robert Ransom
- Re: [Cfrg] I-D Action: draft-irtf-cfrg-dragonfly-… Watson Ladd
- Re: [Cfrg] I-D Action: draft-irtf-cfrg-dragonfly-… Blumenthal, Uri - 0558 - MITLL
- Re: [Cfrg] 2^40. I can't exhibit it, but it exist… Paul Lambert
- Re: [Cfrg] 2^40. I can't exhibit it, but it exist… Michael Hamburg
- Re: [Cfrg] 2^40. I can't exhibit it, but it exist… Watson Ladd
- [Cfrg] publishing dragonfly (was: Re: 2^40. I can… David McGrew
- Re: [Cfrg] publishing dragonfly (was: Re: 2^40. I… Eggert, Lars
- Re: [Cfrg] publishing dragonfly (was: Re: 2^40. I… Manger, James
- Re: [Cfrg] publishing dragonfly (was: Re: 2^40. I… Eggert, Lars
- [Cfrg] NSA sabotaging crypto standards Manger, James
- Re: [Cfrg] NSA sabotaging crypto standards Alexandre Anzala-Yamajako
- Re: [Cfrg] how can CFRG improve cryptography in t… Rob Stradling
- Re: [Cfrg] NSA sabotaging crypto standards Eggert, Lars
- Re: [Cfrg] NSA sabotaging crypto standards Watson Ladd
- Re: [Cfrg] NSA sabotaging crypto standards Paul Hoffman
- Re: [Cfrg] NSA sabotaging crypto standards Watson Ladd
- Re: [Cfrg] NSA sabotaging crypto standards Paul Hoffman
- Re: [Cfrg] NSA sabotaging crypto standards David McGrew
- Re: [Cfrg] NSA sabotaging crypto standards Dan Harkins
- Re: [Cfrg] NSA sabotaging crypto standards Watson Ladd
- Re: [Cfrg] how can CFRG improve cryptography in t… David McGrew
- Re: [Cfrg] NSA sabotaging crypto standards Nikos Mavrogiannopoulos
- Re: [Cfrg] NSA sabotaging crypto standards Watson Ladd
- Re: [Cfrg] NSA sabotaging crypto standards Blumenthal, Uri - 0558 - MITLL
- Re: [Cfrg] NSA sabotaging crypto standards Watson Ladd
- [Cfrg] how can CFRG improve cryptography in the I… David McGrew
- Re: [Cfrg] how can CFRG improve cryptography in t… Daniel Kahn Gillmor
- Re: [Cfrg] NSA sabotaging crypto standards Blumenthal, Uri - 0558 - MITLL
- Re: [Cfrg] how can CFRG improve cryptography in t… Hannes Tschofenig
- Re: [Cfrg] how can CFRG improve cryptography in t… Rene Struik
- Re: [Cfrg] how can CFRG improve cryptography in t… Stephen Farrell
- Re: [Cfrg] how can CFRG improve cryptography in t… dan
- Re: [Cfrg] how can CFRG improve cryptography in t… Watson Ladd
- Re: [Cfrg] how can CFRG improve cryptography in t… Daniel Kahn Gillmor
- Re: [Cfrg] how can CFRG improve cryptography in t… David McGrew
- Re: [Cfrg] how can CFRG improve cryptography in t… Stephen Farrell
- Re: [Cfrg] how can CFRG improve cryptography in t… Tom Ritter
- Re: [Cfrg] how can CFRG improve cryptography in t… Igoe, Kevin M.
- Re: [Cfrg] how can CFRG improve cryptography in t… Hannes Tschofenig
- Re: [Cfrg] how can CFRG improve cryptography in t… Hannes Tschofenig
- Re: [Cfrg] how can CFRG improve cryptography in t… Hannes Tschofenig
- Re: [Cfrg] how can CFRG improve cryptography in t… David McGrew
- Re: [Cfrg] how can CFRG improve cryptography in t… Paul Lambert
- Re: [Cfrg] how can CFRG improve cryptography in t… Watson Ladd
- Re: [Cfrg] how can CFRG improve cryptography in t… Rene Struik
- Re: [Cfrg] how can CFRG improve cryptography in t… Geoffrey Waters
- Re: [Cfrg] how can CFRG improve cryptography in t… S Moonesamy
- Re: [Cfrg] how can CFRG improve cryptography in t… David McGrew