Re: [Cfrg] Requesting removal of CFRG co-chair

"Dan Harkins" <> Sat, 28 December 2013 01:44 UTC

Date: Fri, 27 Dec 2013 17:44:40 -0800
From: Dan Harkins <>
To: Watson Ladd <>
List-Id: Crypto Forum Research Group <>

On Fri, December 27, 2013 3:56 pm, Watson Ladd wrote:
> On Fri, Dec 27, 2013 at 6:12 PM, Dan Harkins <> wrote:
>>   Yoav, Henrick (and probably others),
>>   It has been pointed out to me in private email that this sentence is
>> quite ambiguous:
>>>>>> On 2013-12-24 21:09, Dan Harkins wrote:
>>>>>>>   Realize too that had Kevin's employer not given these people the
>>>>>>> opportunity to strike their fashionable pose there would be no
>>>>>>> discussion
>>>>>>> of IRTF process or what the CFRG's place in the world is.
>>   I meant that Kevin's employer presented a convenient (and fashionably
>> popular) target to criticize. I did not mean that his employer was doing
>> anything to create the environment in which people can comfortably (or
>> fashionably) criticize.
>>   Hope this clears it up.
> This whole mess started when thanks to your draft, it was revealed
> that a lack of effort by the CFRG
> was reported as a positive statement on security. The supposedly
> "open" CFRG had over the years atrophied,
> to the point where the chair would think that no objection was
> equivalent to a positive review.

  You continue to misrepresent what happened. TLS did not ask for
approval or blessing, or a "positive statement" on dragonfly. "Is there
a problem with this?" is not the same as "do you think this is the bee's
knees?" Certainly you must understand that so your continued
misrepresentation can only be intentional.

>                                                     As a participant,
> do you feel that that is an adequate foundation for this WG's activities?

  Being a non-participant, you have formed a conclusion about what
happened vis-a-vis dragonfly and the CFRG and then gone back in
time to justify that conclusion. That is illegitimate.

> That the chair works for an organization devoted to subverting crypto
> standards, and that had in fact done so on several
> occasions (DUAL_EC_DRNG, Crypto AG, the RSA side payment attack) makes
> this sort of misstatement, and the fact
> that several long-time members regard it as acceptable, quite
> worrying. The NSA is a *fashionable* target because it's
> one of the few actors with a mission involving subverting standards:
> if Cisco makes a secure standard they prefer, I really
> don't care.

  I'm glad you acknowledge the fashionableness of the NSA target.
The problem is that people are misconstruing "making a statement"
with action. They think that a provocative (and exaggerated) public
statement is somehow bold and edgy and that is enough to elevate
the speaker to a certain status (pat oneself on the back). There is a
sad disconnect today between rhetoric and action, people seem to
be more happy tweeting hyperbole to slavish followers than actually
helping solve a problem. And I count you among them.

  The IETF is making a very serious effort to address the problem of
pervasive monitoring and it has asked for help. You have trivialized
that effort with your grandstanding. What you do is for your own
aggrandizement, not for the betterment of the Internet community
as a whole.

> Do you believe the CFRG has provided good service to the IETF during
> the years it has been active? Do you believe
> that the CFRG has increased the security of IETF produced protocols?
> Let's focus on the issues here: the CFRG
> isn't doing its job.

  I actually believe it is answering the questions it was asked in an
appropriate manner. It is doing its job.

  You have told me previously that you think it only takes 30 minutes
to generate a standard, as opposed to the 2+ years I said it takes
(and I have one of your unimplementable, laughable, and incredibly
ambiguous "30 minute standards" too). That, to me, illustrates, at one
end, a cute and quaint naivety, and on the other, an arrogant and
clueless disregard for the work of others.

  It might help if you actually get involved in the process and help
solve problems before you tell people that the process they went
through is wrong. You have stated numerous times about the
inadequacy of RC4 in TLS. So, write an Internet-Draft on the subject!
Accept and resolve comments. Get involved before you pontificate
about how people are doing things wrong.