Re: [Cfrg] Requesting removal of CFRG co-chair

Alyssa Rowan <> Tue, 24 December 2013 23:02 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 1C35D1AE0D6 for <>; Tue, 24 Dec 2013 15:02:56 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 1f7ygUeD3TsT for <>; Tue, 24 Dec 2013 15:02:53 -0800 (PST)
Received: from ( []) by (Postfix) with ESMTP id 13ECF1AE00A for <>; Tue, 24 Dec 2013 15:02:52 -0800 (PST)
Received: from [] ( []) by (Postfix) with ESMTPSA id 63925601F1 for <>; Tue, 24 Dec 2013 23:02:48 +0000 (GMT)
Message-ID: <>
Date: Tue, 24 Dec 2013 23:02:58 +0000
From: Alyssa Rowan <>
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.2.0
MIME-Version: 1.0
References: <> <> <> <> <> <> <> <>
In-Reply-To: <>
X-Enigmail-Version: 1.6
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Subject: Re: [Cfrg] Requesting removal of CFRG co-chair
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 24 Dec 2013 23:02:56 -0000

Hash: SHA512

On 24 Dec 2013 20:09, Dan Harkins wrote:

> [...recently subscribed... twitter... crusade... hollow...]

Dan? I'm not sure defensiveness helps the discussion. (I can't
speak for anyone else, but I don't think I've ever really used
Twitter.) It's nearly Christmas. Relax.

I doubt the discussion will make much substantive progress either way
until, at least, we hear what Kevin has to say.

Given the timing, however, he may well be on holiday.

> Realize too that had Kevin's employer not given these people the 
> opportunity [...] there would be no discussion of [...] what the 
> CFRG's place in the world is.

And perhaps we can use that as a positive opportunity.

Many WGs, including TLS, have a hell of a lot of work ahead of them in
light of perpass. Many will need trustworthy help with crypto, because
we are going to need a lot more robust crypto to start making this
threat model's lives more difficult than they are at present.

We have a bunch of new primitives we could use to replace the
now-less-certain ones as we move forward: some of these could be
extraordinarily useful for TLS1.3 - like, yes, (Curve|Ed)25519 -
Safecurves is exactly (the beginning of) the kind of work we need, I

And CFRG could, and should, help with that: recommendation of
best-practice primitives, review of designs, protocols and structures
- - I'm not sure if review of core implementations falls within its
remit of where practice and theory meet, but _someone_ definitely
ought to do much more review of where the crypto actually touches the
ground (of all the areas, that is the one NSA targets most
successfully, according to Snowden).

I do think the perception of the trustworthiness of CFRG's advice, and
thus how useful the WGs are likely to find it, will be very strongly
coloured by this discussion, and whatever the ultimate outcome is;
hence the (extraordinary) necessity of it being raised.

Of course, that doesn't mean we necessarily have to wait. I note the
drafts David mentions; I'll take a look at them, and I'll reply to
Watson's thread when I have, but they seem like a start, at least.

Season's greetings, everyone.

- --