[Cfrg] publishing drafts (was: Re: [CFRG] Safecurves v Brainpool / Rigid v Pseudorandom)

[David McGrew <mcgrew@cisco.com>]

Hi Dan,

thanks for sharing your thoughts, more inline:

On 01/13/2014 11:55 AM, Dan Brown wrote:
>
> Last week I wrote that I would soon write up my disagreements with the 
> safe curves site.
>
> My first disagreement is written up below, but first two editorial issues:
>
> -My last email was in the context of Watson's draft spec for the 
> Chicago (Bernstein?) curves, but I would like to detach the issue from 
> the I-D.  My comment about the reference in Watson's I-D to a website 
> was just an editorial comment.
>
> -These technical issues that I hope CFRG discusses just might be 
> resolved and written into a CFRG I-D cataloging of elliptic curves and 
> their relative merits and so on, which should be independent of 
> Watson's spec for the Chicago curves.  For now, I opted to discuss via 
> email list, rather than placing these arguments into my own one-sided 
> individual I-D.  Please advise me if such an I-D is preferred to email.
>

This is an important question, so let me take a step back before I 
answer it.

You and others are welcome as individuals to contribute individual 
submission Internet drafts and call them to the attention of CFRG. If 
you want to provide a more formal document, then an I-D seems more 
appropriate, but I am personally fine with an email such as this one, 
when there is no need for a permanent record.

Technically, I-Ds are not permanent documents; they expire by design.  
Some I-Ds progress to become RFCs.   Progressing an I-D to an RFC takes 
a bit of work and patience, so ideally, we should minimize the number of 
documents we progress to RFC.

The research group can choose to take on an I-D, because it wants to 
endorse the work and make sure that it gets published.   However, it is 
not necessary to do that.   Alternatively, I-Ds that are individual 
submissions can get progressed to RFC, and can be reviewed in CFRG.    
This has been done before with CFRG, with RFCs 5116 and 6090 for 
instance.  The process for progressing drafts to RFCs is described in 
http://tools.ietf.org/search/rfc5742    If CFRG takes on a draft, then 
the CFRG chairs are responsible for performing or orchestrating the work 
that needs to be done to get it published as an RFC.   If someone wants 
to publish a draft as an individual submission RFC, rather than going 
through the CFRG process, then they will need to convince a Security 
Area Director (Sean or Stephen) to publish their draft.  Of course, one 
of the differences of authoring an individual submission instead of an 
RG draft is that, in the latter case, the author is accountable for a 
work product of the entire group (that is, the draft needs to reflect 
input from other RG members).

We need to be conscious of the limited resources that we have for 
reviewing and shepherding documents within CFRG, and make sure that we 
take on work that we can complete.   We are fortunate to have the 
participation of a lot of very talented people (including you), but we 
all have a finite amount of time.   So I think CFRG needs to figure out 
what topics to prioritize, and get people to volunteer as authors and 
reviewers (which could include implementers, in the case of specifications).

There clearly is interest, within IETF and CFRG, regarding ECC 
alternatives.  It would be good to have a discussion on what sort of 
RFCs would be most useful, which could include security analysis or 
separate recommendations as well as specifications.   Speaking as an RG 
member, not a chair, I personally like the idea of an RFC describing 
Montgomery or Edwards curves that provides the same sort of information 
as RFC6090: definitions, implementation guidance, references on 
security, and so forth.

I hope that this makes sense - I took a detailed question and gave a 
broad answer :-)

regards,

David