IETF Logo Mail Archive

Re: [Cfrg] Requesting removal of CFRG co-chair

Alyssa Rowan <akr@akr.io> Tue, 24 December 2013 23:02 UTC

Return-Path: <akr@akr.io>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1C35D1AE0D6 for <cfrg@ietfa.amsl.com>; Tue, 24 Dec 2013 15:02:56 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Level:
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1f7ygUeD3TsT for <cfrg@ietfa.amsl.com>; Tue, 24 Dec 2013 15:02:53 -0800 (PST)
Received: from entima.net (entima.net [78.129.143.175]) by ietfa.amsl.com (Postfix) with ESMTP id 13ECF1AE00A for <cfrg@irtf.org>; Tue, 24 Dec 2013 15:02:52 -0800 (PST)
Received: from [10.10.42.10] (cpc5-derb12-2-0-cust796.8-3.cable.virginm.net [82.31.91.29]) by entima.net (Postfix) with ESMTPSA id 63925601F1 for <cfrg@irtf.org>; Tue, 24 Dec 2013 23:02:48 +0000 (GMT)
Message-ID: <52BA12A2.8020903@akr.io>
Date: Tue, 24 Dec 2013 23:02:58 +0000
From: Alyssa Rowan <akr@akr.io>
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.2.0
MIME-Version: 1.0
To: cfrg@irtf.org
References: <CAGZ8ZG2f9QHX40RcB8aajWvEfG0Gh_uewu2Rq7bQGHYNx6cOmw@mail.gmail.com> <52B91820.9090706@cisco.com> <CAGZ8ZG02+o=Qm0gUQiVF9H_=wfn+wQt8ahY1ntLHNsELXbvtVg@mail.gmail.com> <AA79A33E-D6B9-4693-A670-B4458011B394@cisco.com> <CA+cU71mTCVHAe2a46USJihr9ihPVw_vQTu0xk-mpRp41La88Xg@mail.gmail.com> <e4054b534e308e3c17c22ccf987d3edc.squirrel@www.trepanning.net> <E7E97A5B-455F-4ABD-A182-DF6DC38F3429@taoeffect.com> <199f08bb0a197065184a07bed40e4e1a.squirrel@www.trepanning.net>
In-Reply-To: <199f08bb0a197065184a07bed40e4e1a.squirrel@www.trepanning.net>
X-Enigmail-Version: 1.6
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Subject: Re: [Cfrg] Requesting removal of CFRG co-chair
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Tue, 24 Dec 2013 23:02:56 -0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 24 Dec 2013 20:09, Dan Harkins wrote:

> [...recently subscribed... twitter... crusade... hollow...]

Dan? I'm not sure defensiveness helps the discussion. (I can't
speak for anyone else, but I don't think I've ever really used
Twitter.) It's nearly Christmas. Relax.

I doubt the discussion will make much substantive progress either way
until, at least, we hear what Kevin has to say.

Given the timing, however, he may well be on holiday.

> Realize too that had Kevin's employer not given these people the 
> opportunity [...] there would be no discussion of [...] what the 
> CFRG's place in the world is.

And perhaps we can use that as a positive opportunity.

Many WGs, including TLS, have a hell of a lot of work ahead of them in
light of perpass. Many will need trustworthy help with crypto, because
we are going to need a lot more robust crypto to start making this
threat model's lives more difficult than they are at present.

We have a bunch of new primitives we could use to replace the
now-less-certain ones as we move forward: some of these could be
extraordinarily useful for TLS1.3 - like, yes, (Curve|Ed)25519 -
Safecurves is exactly (the beginning of) the kind of work we need, I
think.

And CFRG could, and should, help with that: recommendation of
best-practice primitives, review of designs, protocols and structures
- - I'm not sure if review of core implementations falls within its
remit of where practice and theory meet, but _someone_ definitely
ought to do much more review of where the crypto actually touches the
ground (of all the areas, that is the one NSA targets most
successfully, according to Snowden).

I do think the perception of the trustworthiness of CFRG's advice, and
thus how useful the WGs are likely to find it, will be very strongly
coloured by this discussion, and whatever the ultimate outcome is;
hence the (extraordinary) necessity of it being raised.

Of course, that doesn't mean we necessarily have to wait. I note the
drafts David mentions; I'll take a look at them, and I'll reply to
Watson's thread when I have, but they seem like a start, at least.

Season's greetings, everyone.

- -- 
/akr
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJSuhKhAAoJEOyEjtkWi2t62sUP/3xxovBY8YHRtjXkc3IaPz8A
3t6O2MkmLt2hSQwCYgwurnNkTQoIGCSfJZypWdhqiN2a/zAsLskAMMTQvd+64LIK
H3C5ugMY2QVqHDGJ3gKri62h4gK86gzW4FV80cZU1jsOsPgXH9qE0xgTs4J2T7rC
03ep2CUPktWevesca9S+nGv4025/mRLM8s84Hyx6/gj7bexRfZtrqgX7k5FApS0S
vKTZmJuogPY3HLLdLHQxTaDMN/CZA0Tavjvf9S8KqE5axl9ClhlhaSdYNuy6zIJK
xKDjIZ/fHjOJRo1okndwhkiPUeww9vS9BXRZDqO0ogN7LUxvT9kPFRPQ31B/eZ5b
Q24ES93lvagO+1x7KOCWnxb8XOistXXy/BaLX9di3mNueAtzmmaXhLWPqNC3i+AG
eaEsu2BlhRsADXG8cpsIILC72+WQmz947dHfzaOKTELuCgn+pl4KDxIwNadQDri9
JY6iXa1c+Uq2mW6j6sUnoaXGfYLYrDSu4zUxcY+HJUU6XHYh691vKi/lhK94rxvV
X5KR4Oi6T2fwdntXhHfgeq9ye763t4kDqokgOTw7bCZwfxd8xH2xdwvjFEZcGJs5
Gwklp5mVMs/AN3BHenotf0CI7k0pueW/uulH0EFK06vR6feImPX0btm8nDoDeVL0
y/32WEIrsqVQ6LQWYqFq
=YXCf
-----END PGP SIGNATURE-----

v2.23.0 | Report a Bug | By Email