Re: [Cfrg] Requesting removal of CFRG co-chair

Watson Ladd <> Tue, 24 December 2013 04:40 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 614E81AE3FC for <>; Mon, 23 Dec 2013 20:40:20 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 9mdPZkfrfYk5 for <>; Mon, 23 Dec 2013 20:40:17 -0800 (PST)
Received: from ( [IPv6:2a00:1450:400c:c03::231]) by (Postfix) with ESMTP id 6C5A61AE3F7 for <>; Mon, 23 Dec 2013 20:40:17 -0800 (PST)
Received: by with SMTP id u56so5423518wes.8 for <>; Mon, 23 Dec 2013 20:40:13 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; bh=CfuO1U7GhRrqnWpaXJCySjB7gNqtB4BIiab+4AyhlN0=; b=ZkH3+NLNSKXOWm0oiasJ3FIdiPNOpnqp62XUoE4BFYntpJeZ1lnrWGMe7JhuG//9gx 48mdD2u/eOGbmoG4yyuwuLg9VJ2zu5jC3oS2TC2UpSrmQnzNUzROJVDCsdXiR9erg4e4 vv5AFtbd842DNnL2eemrD/M6NitpY1WqxADElkUg8MWiAap14FuCI/TjR9jE0CAVjxUZ ztnys/YUwLV1JMnRTTQ/z9NvbiZK2qQz/vW6blk5oGrRzlyBuNAdAPdVCFFPht2VS/7R xkhfTBni7ID4pd9/SCik6m3kzwGS09ZubcpdL93VECypVE+ApczkmMwEvUnz1CHMed1U lr8A==
MIME-Version: 1.0
X-Received: by with SMTP id l9mr21270774wiz.20.1387860013458; Mon, 23 Dec 2013 20:40:13 -0800 (PST)
Received: by with HTTP; Mon, 23 Dec 2013 20:40:13 -0800 (PST)
In-Reply-To: <>
References: <> <> <> <> <> <> <> <> <> <> <> <> <> <> <> <> <> <> <>
Date: Mon, 23 Dec 2013 23:40:13 -0500
Message-ID: <>
From: Watson Ladd <>
To: Stephen Farrell <>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Cc: "" <>
Subject: Re: [Cfrg] Requesting removal of CFRG co-chair
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 24 Dec 2013 04:40:20 -0000

On Mon, Dec 23, 2013 at 10:12 PM, Stephen Farrell
<> wrote:

> transparency we have. And I hope we (the IETF and IRTF) maintain
> what is much more a core principle which is to not be driven by
> irrational perception but to pay most attention to engineering and
> science. (Whilst not being "pure" in any respect:-)

There is a great email from Phil Rogaway to the TLS WG circa 1995
begging them to use ETM.
They don't. The result is BEAST and Lucky13. How exactly is this
paying attention to science?

At IETF 88 the TLS WG didn't endorse a single solution to attacks
currently viable against TLS 1.2 They couldn't even
publish a "don't use RC4" document. The Best Current Practices
document addressing this issue is languishing in
a working group made specifically for this document, with no activity
since September.
The draft author has no clue why.
Is it seriously too much to ask you to put some pressure on UTA and
TLS to get these things fixed ASAP?

Currently the only ID with a shepherd is draft-mcgrew-tls-aes-ccm-ecc.
Apparently, introducing another secure ciphersuite for
specialized applications (in this case embedded) is more important
than disabling an insecure cipher used by 33% of all TLS servers
according to the most recent numbers.

> The reason the who-chairs thing reduces to perception is that
> if that is not true, then our processes can be far more easily
> undermined by anyone who has an axe to grind. And almost all
> participants in standardisation do have some axe to grind. (I
> think someone else pointed that out before as well.)

Some axes are better to grind than others. Heck, I'll be chair of
CFRG. We'll hold a straw vote
on the lines of my email on what kind of proofs are to be demanded
from those who want us to
bless a protocol first thing, and I will personally put $100 bond on
any protocol we approve being broken,
provided the protocol is standardized exactly as we say.

> The main effect of chairs is that they either move the discussion
> along well, or badly, or not at all. The only situations where a
> chair can really dominate are ones where nobody really cares about
> the outcome anyway. And there are (in the IETF) appeal processes
> in case someone thinks stuff has gone wrong. The IRTF differs in
> that respect since the IRTF doesn't do standards.

How do I appeal against the continued failure of the TLS WG to fix the
problems rediscovered
this year? I know, I'll email the security area head telling them this
is a problem.

>> To me, the most important thing the group can do is address how it
>> makes sure to protect from subversive actors.
> I disagree, on the basis that I think we (IETF) have done that
> for decades. More recently for IRTF, but it inherits a lot of
> good IETF processes.
> For me, figuring out how to mitigate pervasive monitoring is
> far more important.

Is this something that TLS doesn't solve? If it is too hard/expensive
to deploy, that's yet another
black mark against the history of the TLS WG. (Okay, UDP, but DNSCurve)

>> If we had a clear
>> answer there, then I think it matters far less who the chair is,
>> because we can give outside eyes a better comfort level.  I don’t
>> think it’s productive to be dismissive of the concern, even if you do
>> not agree.
> It is fair to dismiss concerns where those appear to be based
> on an impressive level of ignorance of how things actually work.
> Those with such concerns should ask questions, and those would
> be welcome, but baseless suppositions e.g. that some real people
> are invented are just plain dumb.

If I look at the TLS WG I see 20 years of a broken, overly complex,
protocol, with no effort being made to fix it.
Whatever process was producing that result needs to be fixed. I agree
imaginary people are an idiotic suggestion: the
real record (pre-Dragonfly, pre-Snowden) shows that changes have to be
made to the CFRG, the TLS WG, and probably to the way that the broader
IETF views and understands cryptography.

> S.
> PS: I am not saying that all the how-stuff-works is very obvious
> and ought be known, but I am saying that those who don't know,
> should start by finding out before casting aspersions.

I'll start asking some questions: How many broken protocols does the TLS WG
get to propose and have implemented as standards before it becomes
a requirement for them to get some independent analysis of whatever
they propose?

How do you plan to deal with the failure of UTA to advance a necessary
Best Practices document through the process in a timely

How do you propose to ensure that other working groups in the security
area are not making similar misjudgements?

Does the IETF have any process to fix or address these issues?

Do you believe the CFRG has been effective in addressing the need for
guidance on cryptography in the IETF?

Do you have any ways to improve that guidance or the process leading to it?

Is there any evidence the IETF can develop cryptographic protocols vs.
having outside groups do it and present the standard to IETF?

Watson Ladd
>> John
>> On Dec 23, 2013, at 9:15 PM, Tao Effect <>
>> wrote:
>>> On Dec 23, 2013, at 9:05 PM, Richard Barnes <> wrote:
>>>> Kevin is a regular IETF attendee, and an author of several RFCs.
>>> I never questioned that his name appears on several RFCs.
>>> I even linked to such an RFC. :-)
>>> It's just starting to become rather obvious that whoever is
>>> carrying this name around, probably considers it to either be an
>>> alias.
>>> And even if that's not the case, it seems rather strange that
>>> someone who is serving as co-chair of an organization that makes
>>> recommendations to the world about the cryptography that it uses,
>>> appears to be rather difficult to hold accountable for the
>>> accusations that have been levied against him by multiple people in
>>> this thread.
>>> So, the members of the CFRG might not be real people and don't seem
>>> to have any accountability? Is this the moral of the story?
>>> It's also interesting to see some of the replies to my innocent
>>> questions.
>>> Here's one from Stephen Farrell, it can be summarized entirely like
>>> so: "Oh FFS. Please cut the crap."
>>> Here's one from John Bradley: "+1 Stephen's comment"
>>> Some substance, gentlemen, please? This is not Facebook. It's easy
>>> to disturb the air with exclamations, but it's not a nice thing to
>>> do when your empty replies land hundreds? of inboxes.
>>> Cheers, Greg
>>> -- Please do not email me anything that you are not comfortable
>>> also sharing with the NSA.
> He is most definitely a real person.
>>>> --Richard
>>> _______________________________________________ Cfrg mailing list
>> _______________________________________________ Cfrg mailing list
> _______________________________________________
> Cfrg mailing list

"Those who would give up Essential Liberty to purchase a little
Temporary Safety deserve neither  Liberty nor Safety."
-- Benjamin Franklin