Re: [Cfrg] Requesting removal of CFRG co-chair

David McGrew <> Mon, 30 December 2013 03:20 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 99F101AE3AB for <>; Sun, 29 Dec 2013 19:20:14 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -15.038
X-Spam-Status: No, score=-15.038 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.538, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id w8-2BQrLTO3P for <>; Sun, 29 Dec 2013 19:20:12 -0800 (PST)
Received: from ( []) by (Postfix) with ESMTP id 161B21AE39E for <>; Sun, 29 Dec 2013 19:20:12 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;;; l=8321; q=dns/txt; s=iport; t=1388373606; x=1389583206; h=message-id:date:from:mime-version:to:cc:subject: references:in-reply-to; bh=yLWZLdyJJoH6/M1M+61uqe8FxZCjSWe7fJZzA2Nrm4k=; b=mB/yhZT+3qtPh4biWeJZrdd2LNyXCoMYt9BrZf9FJOLVx3xuvwpd2oUN TaTksfBzc58qPeCAsPAotzDTv5lxsYKURWSy6K27qkUqHj/utcGMvBtAE 1kw3WvtA0Yj6V43169Cjj2y3DvhOPCnacGD4bO6FGchgheIU0DwQQgnGj U=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-AV: E=Sophos; i="4.95,571,1384300800"; d="scan'208,217"; a="294340180"
Received: from ([]) by with ESMTP; 30 Dec 2013 03:20:05 +0000
Received: from [] ( []) by (8.14.5/8.14.5) with ESMTP id rBU3K39U003405; Mon, 30 Dec 2013 03:20:04 GMT
Message-ID: <>
Date: Sun, 29 Dec 2013 22:20:06 -0500
From: David McGrew <>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130922 Icedove/17.0.9
MIME-Version: 1.0
To: Watson Ladd <>
References: <> <> <> <> <> <> <> <> <> <> <> <>
In-Reply-To: <>
Content-Type: multipart/alternative; boundary="------------030806020900080606070309"
Cc: "" <>
Subject: Re: [Cfrg] Requesting removal of CFRG co-chair
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 30 Dec 2013 03:20:14 -0000

Hi Watson,

I don't want to step into the middle of an argument, but I do want to 
address some particular points:

On 12/27/2013 06:56 PM, Watson Ladd wrote:
> The supposedly "open" CFRG had over the years atrophied, to the point 
> where the chair would think that no objection was equivalent to a 
> positive review. 

It is not fair to say that CFRG is "supposedly open".   It *is* open, 
certainly it is open to the extent that any IRTF RG is. Could it be more 
transparent in a way that helped to gain trust? Perhaps, and in this 
area, constructive criticism is welcome.   But everyone providing such 
criticism needs to understand the way that the IETF and IRTF work and 
make suggests that fit within that framework.   Furthermore, people 
should be willing to contribute their personal efforts to CFRG and IRTF, 
especially if they want to propose additional work items that will need 
to get done.

> As a participant, do you feel that that is an adequate foundation for 
> this WG's activities? 

I think that you mean CFRG, which is of course a Research Group of IRTF 
and not an IETF Working Group.   (I don't mean to sound pedantic, but 
there is a difference, and I don't want anyone who starts reading this 
thread in the middle to get the wrong idea.)

>  Do you believe the CFRG has provided good service to the IETF during 
> the years it has been active? Do you believe that the CFRG has 
> increased the security of IETF produced protocols? Let's focus on the 
> issues here: the CFRG isn't doing its job. 

Yes, CFRG has done a good job over the years at providing a "forum for 
discussing and reviewing uses of cryptographic mechanisms, both for 
network security in general and for the IETF <> in 
particular" and "bringing new cryptographic techniques to the Internet 
community and promoting an understanding of the use and applicability of 
these mechanisms via Informational RFCs".   (The quotes are from the 
CFRG charter.)   I don't think that there is any question about that.    
On the Dragonfly protocol, the CFRG chairs could have done a better job 
at summarizing the diversity of opinion regarding a dead-end proposal to 
the TLS working group (dead end in the sense that the working group 
rejected it, so it didn't matter much what CFRG thought about it 
anyway).  But it is not fair to imply that CFRG has not been doing its 
job over the years because of that.   (Perhaps you didn't mean to imply 
that, but I can't quite tell.)

There could, and perhaps there should, be a discussion about what should 
be in the CFRG charter going forward.   If there are people qualified 
and willing to do more active work that polices the security of IETF 
protocols, we could do that.   Or perhaps it would be best to move some 
of the work out of the IRTF and into the IETF, if that would provide the 
group with more authority (e.g. a way to say "no" and make it stick).   
I would guess that the Security Area Directors would be open to 


>>    regards,
>>    Dan.
>> _______________________________________________
>> Cfrg mailing list