Re: [CFRG] Escalation: time commitment to fix *production* security bugs for BLS RFC v4?
"Riad S. Wahby" <rsw@jfet.org> Fri, 23 April 2021 19:55 UTC
Date: Fri, 23 Apr 2021 15:55:04 -0400
From: "Riad S. Wahby" <rsw@jfet.org>
To: Quan Thoi Minh Nguyen <msuntmquan@gmail.com>
Cc: cfrg@irtf.org
Message-ID: <20210423195504.d6f74x4jsdrzagcc@muon>
References: <CAAEB6g=tU=MF1_QKduEN55ft0rWe+7x0wBbywS083fJrjzP=XA@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/k1wMZdzRZt6Vuk4gVFtkkgtEBMI>

Hi Quan,

(Reposting my message from GitHub.)

I really appreciate your reporting the bug and all of the thought you have clearly put into this.

The short answer to your question, "what is the time commitment of the authors?" is: we're doing this on a volunteer basis, and therefore real life takes priority.

For my part: I have not had a moment's spare time in the last 6 months. I hope to have time in the next several weeks to think more about this but I do not have more specific information than that. I can't speak for any of the other authors.

Regarding deployment in production: I really do understand the concern here, and I share it. But this document is in draft status, which means the risk of bugs or incomplete features is understood to be nonzero, including by people who choose to deploy the draft specification. I am not pointing this out to be legalistic or to justify inaction, only to push back on the idea that somehow production deployment changes the authors' volunteer status or time commitment.

I very much plan to deal with this issue once real life lets up a bit, but I do not know how soon that is. That is really the best commitment I can give you.

Thanks for understanding,

-=rsw