Re: [Cfrg] Response to the request to remove CFRG co-chair

Stephen Farrell <> Fri, 10 January 2014 16:19 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 903761AE100; Fri, 10 Jan 2014 08:19:08 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.438
X-Spam-Status: No, score=-2.438 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.538] autolearn=unavailable
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id at5htZfIrzRX; Fri, 10 Jan 2014 08:19:02 -0800 (PST)
Received: from ( []) by (Postfix) with ESMTP id 78DF41AE0FA; Fri, 10 Jan 2014 08:19:02 -0800 (PST)
Received: from localhost (localhost []) by (Postfix) with ESMTP id 62029BE5F; Fri, 10 Jan 2014 16:18:51 +0000 (GMT)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id qnZEoJOsqHIn; Fri, 10 Jan 2014 16:18:51 +0000 (GMT)
Received: from [] ( []) by (Postfix) with ESMTPSA id 1E6CEBE63; Fri, 10 Jan 2014 16:18:51 +0000 (GMT)
Message-ID: <>
Date: Fri, 10 Jan 2014 16:18:51 +0000
From: Stephen Farrell <>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.2.0
MIME-Version: 1.0
To: Trevor Perrin <>
References: <> <> <> <> <> <> <> <> <> <>
In-Reply-To: <>
X-Enigmail-Version: 1.6
Content-Type: text/plain; charset="windows-1252"
Content-Transfer-Encoding: 7bit
Cc: Adam Back <>, "" <>, David McGrew <>,, IAB IAB <>
Subject: Re: [Cfrg] Response to the request to remove CFRG co-chair
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 10 Jan 2014 16:19:08 -0000


Some responses below but I honestly think this exchange has
otherwise run its course.

On 01/10/2014 03:35 AM, Trevor Perrin wrote:
> It's time
> for our leadership to summon their courage and take a stand.

Taking a stand sounds lovely, but ineffective. I prefer that
we try to improve the Internet and harden it against pervasive
monitoring. If you think the IETF hasn't been working on that
then perhaps you need to pay more attention, for example, I
didn't notice any comment from you on the IETF LC for [1], nor
on the perpass list [2] since October, nor on the UTA list [3]
nor have I seen a submission from you for the upcoming IAB/W3C
workshop [4] on this topic that'll happen before IETF-89 (but
you do still have time for that last so why not shoot one in:-).


Its entirely reasonable that you do none of the above and just
focus on e.g. CFRG or TLS but its neither reasonable nor helpful
to ignore everything else that's going on *and* make grandiose,
calls for "taking a stand" such as the above.

> I do think Kevin's removal should be a rebuke to the NSA.  

I think that would be an inappropriate action. IMO neither the
IRTF nor IETF are the business of "rebuking" NSA or anyone else.
Its fine that you disagree.

>> Once you start to recognise affiliation in the way that is implied
>> in the last part of your request, then you need processes that
>> deal with the organisations and not the individuals and that very
>> quickly tends to turn into a discussion about membership which
>> then also quickly turns into one about paid membership and voting.
>> You can believe me on this or not, but do bear in mind its far too
>> boring an argument to want to deal with all the ins and outs;-)
> In what way have I "implied" recognizing affiliation, beyond common
> sense?  What new processes would we need to "deal with organizations"?
> Please explain.  This is a major objection that's been raised to the
> request.  You can't just handwave that we need to believe you, or that
> it's too "boring" to get into.
> If this is a serious objection it needs to be explained seriously.

As I've said before, I do not believe Kevin's actions warrant
replacing him as chair and therefore the only basis left on which
he would be fired is purely his affiliation. Doing so would mean
recognising participant affiliation in a new and quite damaging
way. Again, its fine that you don't agree.

Were the IRTF or IETF to do that for chairing in an automatic
manner (e.g. "no NSA personnel are acceptable as chair") then
to be consistent and fair we would have to start doing that
for other cases too, e.g. when considering last calls, which
leads quickly to voting, and membership. If you want an example
of how that would go, please see e.g. the giant thread that
starts at [5] and the even bigger discussion in the rtcweb
working group. Or spend a bit of time reading the archives
of IPR list [6] and you'll see how most kinds of increased
recognition of affiliation lead towards membership. (And when
you're done, then tell me its not boring:-)


What is done now is that we trust other individuals to handle
such matters, we do stuff openly allowing anyone who turns up
on the list to have their say, we have appeal processes, and (in
the IETF) recall and nomcom processes for leadership. In this
case the IRTF chair handled your request, with a result with
which I agreed and you disagreed, and the IAB will handle your
appeal of that I guess, and I think that's the right thing
to happen.