Re: [Cfrg] Time to recharter CFRG as a working group? Was: Re: [secdir] ISE seeks help with some crypto drafts

Michael StJohns <msj@nthpermutation.com> Fri, 15 March 2019 18:52 UTC

Return-Path: <msj@nthpermutation.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 45BB8130DC9 for <cfrg@ietfa.amsl.com>; Fri, 15 Mar 2019 11:52:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=nthpermutation-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9UuZrFirViQq for <cfrg@ietfa.amsl.com>; Fri, 15 Mar 2019 11:52:43 -0700 (PDT)
Received: from mail-qt1-x844.google.com (mail-qt1-x844.google.com [IPv6:2607:f8b0:4864:20::844]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 63285130E86 for <cfrg@irtf.org>; Fri, 15 Mar 2019 11:52:43 -0700 (PDT)
Received: by mail-qt1-x844.google.com with SMTP id w30so5954259qta.8 for <cfrg@irtf.org>; Fri, 15 Mar 2019 11:52:43 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nthpermutation-com.20150623.gappssmtp.com; s=20150623; h=subject:to:cc:references:from:message-id:date:user-agent :mime-version:in-reply-to:content-transfer-encoding:content-language; bh=vKJyHBFmH3ZLMY70Yql21kR3cBYbJSVfQ0yWqP4Udp0=; b=DgeWNQY1ZM1NxdsX5aZBthMklIxHIcOdQfREugky1LDCpj5KhDE1rKRcyMhdNIQJ87 IsxKMcu2XuiMDoT3YPIIuBUcAe+/6kO2Tq30jdnL4YvYJK2tL3lONhnYN2e/4mD6tIVN nhpL+396LsJS2qBqHbsp6Q+uJphXslDIP1hD99Q2dUHtI/cI+F57H99LUXBXXBN/ppVY 8H6VH8FoNs60gAseQXbUht72h/fqIWlTg+4d78S9gkIRfnZtI5CBT5vT6a/oHtCym/uO M+uXhjXyXJXMFkN+sWrzXtl5rNKk2ZpRnkuuD8MRhBXQlMznTPHhZZRdkwefz/Wg3feJ RGwQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-transfer-encoding :content-language; bh=vKJyHBFmH3ZLMY70Yql21kR3cBYbJSVfQ0yWqP4Udp0=; b=mKd9hSXtGx+vKFAX4UJBSbpCnI4rUZIARmhcL9W7ynBPPGDYfpmgIdV2EW4eCRWXut po2EHRcmoI/0LIfvVJJzNdCPFUEs/g4AWXqdgl24FPyYxYnMts15IeHzaueHbqW98m5l z4obVwuyfVCP/4kqtRSC9GSj1A2F8iVNuPLPsN1cPP1dCsthOBmbXXcvy6QVzRDgckEL LCVfO9VF1LmpgmYokPB/PKifu5QfiNzHYQwNWNXXmX9QZZbXnw+eA4bLpvuR4GZKi6UK JIHucHGMdMGaMmMlbaNOSxfVhg1MZ288JgKxdVz8D8zKNrMA1i/ay5OriqGFM2IoQJUu FVIg==
X-Gm-Message-State: APjAAAUkbyRLfjhVLFA7tg8ncV55yYXlDFvAC5UJiVeumN7LXwb/QNFP YxnZXqncmxO01ts6fgcgx66kNA==
X-Google-Smtp-Source: APXvYqzu8L2HVRPkYs21RNKmpYBMXylCYJt7Q6P2UGkUDA2OoCYOoOdMVvmGUVvFMN0fGRILDeFJHw==
X-Received: by 2002:ac8:21bc:: with SMTP id 57mr2113629qty.51.1552675962149; Fri, 15 Mar 2019 11:52:42 -0700 (PDT)
Received: from ?IPv6:2601:152:4400:4013:15bf:7fe9:5be3:d288? ([2601:152:4400:4013:15bf:7fe9:5be3:d288]) by smtp.gmail.com with ESMTPSA id u64sm2980851qki.24.2019.03.15.11.52.41 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 15 Mar 2019 11:52:41 -0700 (PDT)
To: Richard Barnes <rlb@ipv.sx>
Cc: John Mattsson <john.mattsson@ericsson.com>, "Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu>, CFRG <cfrg@irtf.org>, "RFC ISE (Adrian Farrel)" <rfc-ise@rfc-editor.org>, secdir <secdir@ietf.org>
References: <1d8de489fc976b63a911573300a431d4.squirrel@www.amsl.com> <alpine.LRH.2.21.1903081227200.30421@bofh.nohats.ca> <CAHOTMVLtjVxZNy3bFRn09xH+cOw+tPi2CL3BkaQuJEqxAzGOJg@mail.gmail.com> <edca701b-21f3-c80c-d754-fc333f1e2e04@cs.tcd.ie> <20190310182935.GE8182@kduck.mit.edu> <B876B124-7EDE-4E20-A878-3AAD3FA074BC@krovetz.net> <20190310191026.GF8182@kduck.mit.edu> <CAHOTMVJcosEgYV9caWapgyzQfh-g4k5DQry5n42bEfrkJvmdWQ@mail.gmail.com> <042b3f13-7d5a-12d7-e604-9f8cad197608@cs.tcd.ie> <CANeU+ZCmiTKfE1_YgjM6GX9ZCw_35mZoT8M-6VL72UhbenT2og@mail.gmail.com> <3FA4B2DD-334E-4C7C-A01E-6C370CAE4C00@ll.mit.edu> <2935C6E3-3AE8-4447-BA01-8DAE0410E5C6@ericsson.com> <CAL02cgSeCgAOOh3oMhJZqCGvT0F=JQ6n-bmgWYU=6hxkV+aOHQ@mail.gmail.com> <0d38eabd-6f90-2d19-3b45-f1ce19ba9b73@nthpermutation.com> <CAL02cgRVXn2U3SKhGh6biTZJKmHM6KrW6D_rVB2-ZTC5Oohh4w@mail.gmail.com>
From: Michael StJohns <msj@nthpermutation.com>
Message-ID: <829ca608-8d47-083e-e0a6-e7276525b080@nthpermutation.com>
Date: Fri, 15 Mar 2019 14:52:40 -0400
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.5.3
MIME-Version: 1.0
In-Reply-To: <CAL02cgRVXn2U3SKhGh6biTZJKmHM6KrW6D_rVB2-ZTC5Oohh4w@mail.gmail.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/mxAfBfEBIFh8Z15Z360-UEK4gp8>
Subject: Re: [Cfrg] Time to recharter CFRG as a working group? Was: Re: [secdir] ISE seeks help with some crypto drafts
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Fri, 15 Mar 2019 18:52:45 -0000

On 3/13/2019 7:32 AM, Richard Barnes wrote:
> Mike, are your concerns here primarily IPR related?  If that's so, 
> then maybe that's the level at which we should address them, as 
> opposed to flipping the bigger RG->WG switch.
>

Hi Richard -

Like I said, I'm not going to push this at this time.  But I think its 
more than just IPR - avoiding technology because of IPR is more a 
symptom (and in fact is IETF guidance rather than IRTF policy).

The CFRG has a unique position in that - unlike ANY other RG as far as I 
can tell - it's looked at as an immediate feeder for technology for the 
IETF.  If it were agnostically evaluating the crypto properties of any 
offered technology, I'd say we're good and I'd move on.  But, with the 
publication of Curve25519 and its related ... standards ..., the CFRG 
has moved from evaluation and re-publication of cryptographic standards 
developed and produced elsewhere into being the first publisher of what 
could only be characterized as standards, even if published as an 
Informational RFC in the IRTF stream.

Ultimately, I think it comes down to fairness and transparency. As an 
RG, the publications of the RG are not subject to the standards appeals 
process.  In an WG, the decision not to work on an IPR encumbered 
technology (or others such as national cryptography) MAY be appealed and 
overturned (or might not) or sponsored by an AD if there's no applicable 
or agreeable WG. There's a process for showing such decisions were made 
transparently, and with a broader audience than just the CFRG having a say.


Later, Mike

Ps - hmm... Note that the CFRG charter only mentions the IETF and not 
the IRTF....