Re: [Cfrg] Requesting removal of CFRG co-chair

[Tao Effect <contact@taoeffect.com>]

Based on Kevin's reply, dated Dec. 26th, it's clear that he has no interest in stepping down as co-chair.

Is there a process in place that would allow the community of the CFRG to vote on the matter?

If not, here's a simple one that allows for semi-secret vote (votes are revealed to only a tiny fraction of the members):

1. Select two or three people who participated in this discussion thread and expressed opposing views, call them the "Ballot Team"
2. Allow those who have participated in this discussion thread (or related threads, but you've gotta be specific) to send their vote to the Ballot Team via email.
3. Have the Ballot Team check to make sure the email is from someone who participated in this discussion, and send a confirmation reply back to them.
4. Upon receiving a confirmation back with the previous email quoted, mark down their vote.
5. Set a deadline for votes.
6. Have the Ballot Team publicly announce the number of "Yay" and "Nay" votes. If they match up, we can reasonably expect that no cheating happened.

Just an idea, probably not bullet proof, but it considers some of the potential issues of doing such a vote.

A better system, of course, would involve us knowing the result and nobody knowing how anyone else voted.

Cheers,
Greg

--
Please do not email me anything that you are not comfortable also sharing with the NSA.

On Dec 27, 2013, at 10:21 AM, Alyssa Rowan <akr@akr.io> wrote:

> Signed PGP part
> (Restoring the subject line, so Lars can better follow the thread.)
> 
> On 26 Dec 2013 20:07, Igoe, Kevin M. wrote:
> > While NSA’s SIGINT mission gets all the press (especially now), the
> > Agency has another mission: Information Assurance.
> 
> Unfortunately, given the SIGINT Enabling Project has used the NSA's
> Information Assurance mission as official cover for sabotage of
> cryptographic primitives¹, implementations², and standards³, not to
> mention their interesting conduct in statements and enquiries so far,
> any trust or confidence once placed in the NSA for anything by anyone
> has now been fatally, critically, permanently undermined.
> 
[snip]
> 
> ___
> 1. Specific documented example: Dual_EC_DRBG - a backdoor that couldn't
>    have been more obvious if you'd erected a flashing neon sign and
>    driven a mounted parade with a marching band through it. We have no
>    reason to expect other 'enablings' to be as obvious, of course.
> 2. Specific documented example: RSA Security; BSafe; $10m; Dual_EC_DRBG.
> 3. 802.11; GSM; LTE. Bluetooth? (Even perhaps TLS?) Hard to be sure...
>    it's the kind of subtle sabotage that makes the result awful by
>    design, rather than simply awful by committee; the two are hard to
>    distinguish, which is the point, and the end result is similar,
>    as is the need to improve and fix.
> 
> --
> /akr