Re: [saag] CFRG, CFRG crypto review panel and IETF consensus
Stephen Farrell <stephen.farrell@cs.tcd.ie> Thu, 18 April 2024 19:04 UTC
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1A222C14F619 for <saag@ietfa.amsl.com>; Thu, 18 Apr 2024 12:04:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=cs.tcd.ie
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3_3fWmn6a-Mc for <saag@ietfa.amsl.com>; Thu, 18 Apr 2024 12:04:08 -0700 (PDT)
Received: from EUR05-AM6-obe.outbound.protection.outlook.com (mail-am6eur05on2093.outbound.protection.outlook.com [40.107.22.93]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 92C37C1840DF for <saag@ietf.org>; Thu, 18 Apr 2024 12:03:49 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=d5hwwT2IS0kRoZlyyohwLlyTGZsb3dc1Ym523vv1J8mzl9t3lCijc20mJGc36Hk/kOTqD9SYj24tIHbykrRzXJZayCBWnmX5nmVc77X/GZQf3K/mAQqvQopOW7kioyhO/xmk5YOA86eJy1ZDnlhPQmXl6wVnvjVrf90ygRuXaj7q1KIIMIKEx2FxFjOqwvXgiq4vuN6orslMeTOA4jWt1UoLyA+ZcpqMqJFPl2YXSxXRdDDP1L/GuvTYhkfAgZH1tzYfdHbRTjQffL60q0+LVtladT5twa3XWw4x0M2XglakLN4qrJT4lJdeRLEDqawer2HZhiv2k1+Y6F1ulthRnA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=4K1/np/Alp0VthtyF5p14naKhjg3upy3VH1tPx+f8cQ=; b=KwQABBfjPuVOid01KylvzfAxIucRdvBs/rSeleqDZumDBBBuspBWCv/cPOYjnT2oM2vg8uEKTvlUeS+t1d/d11iZ9IvOfa5BmxEwNqjOGfZcVkIwpOJqsNQp9XVftlPmpRMjNU9kJaS47uVlFLa1ciZigW8jh8Pdk5nIBqBmz97F4L+AGfXB92h9YTNvgFiwCvBAA6fj6RqgGDjGFQULm3WVH1i4n6AJR5gqOj9mwmGBzLtrNgYIynPz8LIbLhd/mViRy7eDGkXMV21s+agfe9OozYhF6EqrtY9L7/19o45zAiq45sJIpENWyRP/FOL+fQ0vllkHTtqMGviF8MGaEw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cs.tcd.ie; dmarc=pass action=none header.from=cs.tcd.ie; dkim=pass header.d=cs.tcd.ie; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cs.tcd.ie; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=4K1/np/Alp0VthtyF5p14naKhjg3upy3VH1tPx+f8cQ=; b=B6d4csddmnT4wMAZrKuhGS3g90/NS7/Qi896Mg0GC0+nlXSkeMi3nQj5L+r1zAvunbJ0LxQnOW9KjpHjBQvH5Fdr/Nd+AkjGREZnEJJTN+xI2yE4N4MCgFhhjlENlkXKRYHiGtdTxbNIeQyisKEEyF+mW+jpIgVwmnbyXewGssZEvBAqq7YJRUj0qWHyZ7XvUxabqUTe73JaZFMRbUtrpTTmHoW/EpydhZ7xldFSZ4YpPPJBsO7I7EqJ3EIETqxlElOLb/sObqgU1Kt8useJC4bHcxoy4jDQlU9Mvdi1Etnmq4zETvZzUswV85ee2YVkHY/LsCdR0IkMqA4uXpfMvQ==
Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=cs.tcd.ie;
Received: from DB7PR02MB5113.eurprd02.prod.outlook.com (2603:10a6:10:77::15) by AM7PR02MB6226.eurprd02.prod.outlook.com (2603:10a6:20b:1b6::5) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7452.50; Thu, 18 Apr 2024 19:03:45 +0000
Received: from DB7PR02MB5113.eurprd02.prod.outlook.com ([fe80::4421:1ca6:59b4:20c9]) by DB7PR02MB5113.eurprd02.prod.outlook.com ([fe80::4421:1ca6:59b4:20c9%7]) with mapi id 15.20.7472.037; Thu, 18 Apr 2024 19:03:45 +0000
Message-ID: <53ac606e-2c27-4fb9-a456-4787f1747406@cs.tcd.ie>
Date: Thu, 18 Apr 2024 20:03:42 +0100
User-Agent: Mozilla Thunderbird
To: Watson Ladd <watsonbladd@gmail.com>, IETF SAAG <saag@ietf.org>
References: <CACsn0cn_G=aAB_XdNrEoxfdPkKucjC4RRvNhtns=zR7bUuvYLQ@mail.gmail.com>
Content-Language: en-US
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Autocrypt: addr=stephen.farrell@cs.tcd.ie; keydata= xjMEY9GzphYJKwYBBAHaRw8BAQdAo6JvjmSbxHdQWPZdvciQYsHhM1NxQBU398Mmimoy4p7N M1N0ZXBoZW4gRmFycmVsbCAoMjU1MTkpIDxzdGVwaGVuLmZhcnJlbGxAY3MudGNkLmllPsKQ BBMWCAA4FiEEMG54R8tZDyZFrDOn5Njp+ZeoM90FAmPRs6YCGwMFCwkIBwIGFQoJCAsCBBYC AwECHgECF4AACgkQ5Njp+ZeoM93bogEA25ElRyX0wwg+kGEN1AoL60MoZfvQZ/VtmXY6IC5j +csBAIBpkL5ySuzJK2zLNZn9qQGht8IaUcA7cvDcLvS2uHUEzjgEY9GzphIKKwYBBAGXVQEF AQEHQILCPWOwW36e8D3pY8GmvvtItIT+A5uV80ist+WokVsQAwEIB8J4BBgWCAAgFiEEMG54 R8tZDyZFrDOn5Njp+ZeoM90FAmPRs6YCGwwACgkQ5Njp+ZeoM92bcAEA8R+8cpqRUIS+SoAN iO05xE6O/wEx8/e88BqzAYki3SoBAOQdwiPX+MQrAxkWD8xxOsdMOAtxYKpkD1n8aPJUw6QJ
In-Reply-To: <CACsn0cn_G=aAB_XdNrEoxfdPkKucjC4RRvNhtns=zR7bUuvYLQ@mail.gmail.com>
Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="------------GUP7Um9cCDYS73owz5UqqP7R"
X-ClientProxiedBy: DUZPR01CA0002.eurprd01.prod.exchangelabs.com (2603:10a6:10:3c3::8) To DB7PR02MB5113.eurprd02.prod.outlook.com (2603:10a6:10:77::15)
MIME-Version: 1.0
X-MS-Exchange-MessageSentRepresentingType: 1
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: DB7PR02MB5113:EE_|AM7PR02MB6226:EE_
X-MS-Office365-Filtering-Correlation-Id: ef3d84cf-a49e-44e8-a329-08dc5fda4536
X-MS-Exchange-SharedMailbox-RoutingAgent-Processed: True
X-TCD-Routed-via-EOP: Routed via EOP
X-TCD-ROUTED: Passed-Transport-Routing-Rules
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: +lbK9thhvPa2R8cPo7kY58aJfZsE7VLVMET58qsiJvERoh1wmFJmMN/mcrbR/2d/V0LO2e7LvjZPFcn518ILtIh02y8s6yrcaFJh5Oyj+SLP08aqVtrtrt19IiZ0pCoBVa3f8y2sONB0r5l3ZvvoBu+UBFphRXifLvuZ1r6XLDx5DQSp0AWi1trTdAKqxk3fh7PAtI80pDnSybJqDfCMaHkxwVnhDQCN3AUuWry5RsWASS0zKg38CxUi3L08zBo42Qxm5ONRwNyhWNck+7IGxWomCD5Jrl1uWhSSYKC/EuVfCreYhcSYWTSGEYbdHLYNRGx1Tz+u5veZu5tmQhv7RdDFKbR5pTTlulatjV5TffBdTm/MAokJCt95sxHL7irZy3mgJd2HY1WYZ+IDSE9mgw5xNQiUnyAdkaB4FX8QnGXQhFpqiQGAQ7vJIlBhwLAymv04XZ+e0ATIix4uwRIr+60I+TNdkLIKB2NYNY8pXFg/CnKui8Wiqc4kf0EvZFLLewX54bRie+V/WLraUNTd3L1/VFBhPgy4QhHd6HwSrqHn5rCibyWnyBdqJBF8j3tOlkO40zr/1C0fd0TjC37lkLXZkO7Rqj0XgAPzeNuPRQBf4OlcjWjwlEozruZgKDCy+0clp5N6gihbhguXTClH0U8UsKGmjfWtMo7XxcbshLM=
X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DB7PR02MB5113.eurprd02.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230031)(366007)(376005)(1800799015); DIR:OUT; SFP:1102;
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: OJzKW/mKkJkFn725LAb0muqRVXA5XhF8RbFY4pR7rBXX/NTgffUUzqE3vZFswtAn2m8Q4Cgv+qWsdgdd+iPL1t6D8X9FkkIDujCzrtyp1MoW7TPM0tPWtuwGv54tXXfJFnnOLnGOViEDTIdqDB9CTKtdTZlK4/RxvBCgI+dyLfqFrZ1leTxdglgRfC3M5imMNpOufPQWjNBXr5P7wr9+fPJFN+ynHZqUjUjisJBoUUf9yjdjsdSEJlapmxAoXo7uPKuEJxDsThq7XtCaEEvUYtNpcy5Xvw0koTAUh0E+kBD4NP1o6onAMx3TBWXQ87ZuR2k36Er0+6V3GbHNkiAX5Sv+5tGSS1flStLOooOYQPv7VNEmvE7uEmp7BA0YZctrYonDZmMgtEZdEhivvYKcuHiW8Qlg893gBAMcw+IWpEXKtho32MBpUYTkbtqGR1lGjl4IY7TfXxIbocrsi++c/+6CNuyQP1vtOZ+D4A8jeBygUaiSvrIN6izR+oOBrGAWhQSTeHfpWRTYwuS/y6yPw15zXyxen6ckjSGyBkkzbLwvU5w/wtu7KwzgXI/tADxPPdepwHIWwElszj43iJ8mxEyqKciaTqVZtb5c95QrjjCfJ/AvbNsq6yGL+93fUImhSXgWCgk490hsW9xBZ+TidKWvTztnKnfQWFrd/+u9CpAV5nISBNd+n/3WHTl1sEs7Ni7MBXracSbQG4sdx0kQC1iNYdvOUtwDFRkFltdaniDBM0kcnWGr5aTre8JoZBoc89fl8DOF8fJDhy5yyjZk5STQg1X3MecOavEJsTOdlWVM7zcnT3tQyzDGaXvkj+DIao8rbRszP9sZLOT0l+xoRI/tp2s1M/4CsydS8rO/fJ5ZuNeNPkUmpoGHgTel4F7FjxQc4EfRLEc1PXiEIPiwM+02AC5TCq3S0A4uxyJWwnwYhEuhCdy7rpczk91aTfuVqv5mRaopNKOE6JzcbfC+v9d00kLIal+pDXPYGXQIXsfD12TtUEswWtBMs9F3OQBsILAmVB+FQZisL82tqyo6+rN6EWWIcOlq4LaFJOFC9rLc6vHjdCwBujv/pmNkGwN8GFuDX9oSTjopaU5Lb/gmbcPOhMoSS+nL3kdTsIVstc8a4xfSf+gCUZBGXrCvrLRxqWNIevo46CpqMZK0wJ7nkX4NKSD5bEKSh2iUaFxc9rZBGkCXhFnq+ucX1zZdCcBtXd7rO5/zzY2hdc3E1370/T1Oz1XmgOjOq2YHZbtEfsTZhgybBF6vUdiQsSAbEirynaVbNJx0wpQB7ex93YhQy5yyxEv33Z2/1sCZJvqGw2gu1f7Yu9zd0nOqas2rMrupnCsHoScjwf1cTJiLDfb/rvWYjqElDZUnY04kdoCMdqLpbTann7MvFYWOXnv8bHOBONGTtBsWV9pH1GLmjsyIWhYKuZl4gKQpzynn5wI/DsNfMs9wg5qQjLA1lj0lgSxFjmgkiQWTmch6LOIoaykS5z7IsIKQAV7ep93+wFQJyE18tfUBv74C1eQheCR87bBM5XZvtIHRaL7ufZ0hEytLuCmn6tGXEPNmzqOh/oCD3WTAfdv5hwqK1otryeqb1WEU3Cd2qnONsbQQnFEaoqnd2aSVHhY+XhkVAisPV8pOTRJNgt7IPOPKFj39OpyE2P0X
X-OriginatorOrg: cs.tcd.ie
X-MS-Exchange-CrossTenant-Network-Message-Id: ef3d84cf-a49e-44e8-a329-08dc5fda4536
X-MS-Exchange-CrossTenant-AuthSource: DB7PR02MB5113.eurprd02.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 18 Apr 2024 19:03:45.5331 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: d595be8d-b306-45f4-8064-9e5b82fbe52b
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: Bcf7QItOvT9atMJEJobY1FyyJnNikr20XfTVFPbjHTz0Vlp6eRyr/Zs9eotadtKV
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM7PR02MB6226
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/BJ9aItB-1DKmEMDIrEhERJVZA9U>
Subject: Re: [saag] CFRG, CFRG crypto review panel and IETF consensus
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 18 Apr 2024 19:04:13 -0000
Hiya, On 18/04/2024 18:18, Watson Ladd wrote: > Dear SAAG, > > I am quite confused about how the relation between IETF work and CFRG > work and the crypto review panel is supposed to work. In the SSH > NTRUPrime discussion it appears that a negative report from the crypto > review panel is reason not to standardize an algorithm choice or > register it in the IETF space for a protocol, and that this comes > without discussion of the merits and consensus among even the CFRG > participants. I agree the above has been stated as being the case and would be hugely problematic. Even a CFRG consensus that something is bad ought not by itself be sufficient reason to block the IETF, never mind a crypto panel review that wasn't a topic of discussion. It's ok that either thing is weighed in reaching a conclusion but there should be no vetoes. I think it'd be good if this situation were clarified. Cheers, S. > > I don't recall this being the way things used to work, and I think its > had very negative effects on the way the CFRG functions, as well as > stretching the IETF/IRTF distinction beyond the breaking point. Simply > put having knock out contests like we did for curves and PAKES, > combined with an endless series of reviews and last calls creates some > very adversarial debates and raises tensions and hampers cooperation. > It also moves away from the running code part and rough consensus: if > a group of people have made choices that work for them, we now make > ourselves irrelevant by saying no rather than trying to accommodate > their concerns. The CFRG review panel is not well placed to have these > conversations as it knows nothing of the broader context and has very > limited interaction with the proposal. > > It also puts the CFRG into a place where it is making standardization > choices that properly being to the IETF, and not even the CFRG but a > subpanel. The massive backlog of documents results in part from an > extremely lengthy process even after RGLC, which I think results in > part from the higher perceived stakes. > > This isn't to say that we should abandon security examination of > proposed algorithms, but it's pretty clear that we have treated > cryptographic primitives very differently in ways that undermine core > principles of the IETF process. > > Sincerely, > Watson Ladd >
- [saag] CFRG, CFRG crypto review panel and IETF co… Watson Ladd
- Re: [saag] CFRG, CFRG crypto review panel and IET… Stephen Farrell
- Re: [saag] CFRG, CFRG crypto review panel and IET… Salz, Rich
- Re: [saag] CFRG, CFRG crypto review panel and IET… Deb Cooley
- Re: [saag] CFRG, CFRG crypto review panel and IET… Salz, Rich
- Re: [saag] CFRG, CFRG crypto review panel and IET… Deb Cooley
- Re: [saag] CFRG, CFRG crypto review panel and IET… Eric Rescorla
- Re: [saag] CFRG, CFRG crypto review panel and IET… Stephen Farrell
- Re: [saag] CFRG, CFRG crypto review panel and IET… Eric Rescorla
- Re: [saag] CFRG, CFRG crypto review panel and IET… Stephen Farrell
- Re: [saag] CFRG, CFRG crypto review panel and IET… S Moonesamy
- Re: [saag] CFRG, CFRG crypto review panel and IET… Simon Josefsson
- Re: [saag] CFRG, CFRG crypto review panel and IET… Paul Wouters
- Re: [saag] CFRG, CFRG crypto review panel and IET… Watson Ladd
- Re: [saag] CFRG, CFRG crypto review panel and IET… Eliot Lear
- Re: [saag] CFRG, CFRG crypto review panel and IET… Salz, Rich
- Re: [saag] CFRG, CFRG crypto review panel and IET… Paul Wouters
- Re: [saag] CFRG, CFRG crypto review panel and IET… Yoav Nir
- Re: [saag] CFRG, CFRG crypto review panel and IET… Michael Richardson
- Re: [saag] CFRG, CFRG crypto review panel and IET… Michael StJohns
- Re: [saag] CFRG, CFRG crypto review panel and IET… Melinda Shore
- Re: [saag] CFRG, CFRG crypto review panel and IET… Watson Ladd