IETF Logo Mail Archive

Re: [saag] CFRG, CFRG crypto review panel and IETF consensus

Deb Cooley <debcooley1@gmail.com> Thu, 18 April 2024 19:25 UTC

Return-Path: <debcooley1@gmail.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CD5B5C14F691 for <saag@ietfa.amsl.com>; Thu, 18 Apr 2024 12:25:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.845
X-Spam-Level:
X-Spam-Status: No, score=-1.845 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ydW6GSPuUM46 for <saag@ietfa.amsl.com>; Thu, 18 Apr 2024 12:25:54 -0700 (PDT)
Received: from mail-il1-x12c.google.com (mail-il1-x12c.google.com [IPv6:2607:f8b0:4864:20::12c]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 452A4C14F680 for <saag@ietf.org>; Thu, 18 Apr 2024 12:25:54 -0700 (PDT)
Received: by mail-il1-x12c.google.com with SMTP id e9e14a558f8ab-36a1e9b94d4so5251315ab.1 for <saag@ietf.org>; Thu, 18 Apr 2024 12:25:54 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1713468353; x=1714073153; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=wRKkjSJPVH12ZUBqFJNJaNfxS0O6Da/GX2YBHRIPSfg=; b=Lob+Db71g/rwzCb75c2gyCnVsrwG6bVORiGlpMi4PnMJ7WzxAuuf6+CXHcOpTO6K6P Y4PXwju2GBeRsl1c9WA9B644egUrx4M1EKmH3PVoNkss3/BP94pfDPdm+JtrTlqQKJoA Gmm7DFh0PJg5XyyTlQW8XC1pMownC8nsKWdB1mJFixJYV/CH+PHjYs2UuqOjYOmcseyH 1XKQHHHdq3M4NuFQwrEhkjbThKeeqeCtR4rX+eUC3uHe/dLa2EP3S9DXFU54tXa5uTmd jfT3l1WcOygvkHExKbloquUUrE4wt/PJ6nEZ6E3GK13mDCjsVdoNcEk4ZGmoeOx14acp NofQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1713468353; x=1714073153; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=wRKkjSJPVH12ZUBqFJNJaNfxS0O6Da/GX2YBHRIPSfg=; b=Anwa+Tozrrah8IoLTmgo6JDXjGfhx21u//TnuR2Tsi3SaSd9tZD6mbhvpx5AYd/zDa gNwuEVqIiamPoPqIATT8yDC+lcTB3m4VbiZzJBl8i2Wv5icvwiYmyIJbRV/eiMro1hqk AJ/UkNqz1+py0Ebu0l+rEtBCS5BhpaYdDN3NnbfF71z/jaTtZX9r2U2GjpPaQ9yqsJx7 2nOwG4ZKlaQO2MJhM3ouy3cS0HSY8d+p4MX55N3/3u/F7GbojSwHgoWZsAWhE4gr57JD TbYYq4rJeFZy+g+hTwpofntk1UhLD/g8S4Ubmm3+UUe23H1Mfq51wewNUe/YQxy52RNf n+XA==
X-Forwarded-Encrypted: i=1; AJvYcCU9SQwtzZ5FbI0zJq/v4bU3BqHKq28WTmaafL3gyqAJrBPb084+U6T7gWad4ooheBNb0fqGfkH0be6Pm96Y
X-Gm-Message-State: AOJu0YxIdmDXuZLDPEsL0W75Q+Hi3lrDc6yKSkg8IxMaL11FEw0mySWB hDgLaAHa5eqB6Diwi4rzNLEcpROElL7Vt856uGqakUQIbu35nA+Qj7hv/rioSakxOzpddTL50+I xrnGYt2a5uUOyTaWDbxu7CeVK/A==
X-Google-Smtp-Source: AGHT+IGlzf6MosqDBy0632IsoCRcfsT4jP7sMSuVC1FXjW3TX8PVadwwnQKGHo7ujXz6D7mHI9CFf9YFY/L5HpoWZ4g=
X-Received: by 2002:a05:6e02:1689:b0:36b:3a3c:f1c3 with SMTP id f9-20020a056e02168900b0036b3a3cf1c3mr92104ila.30.1713468353280; Thu, 18 Apr 2024 12:25:53 -0700 (PDT)
MIME-Version: 1.0
References: <CACsn0cn_G=aAB_XdNrEoxfdPkKucjC4RRvNhtns=zR7bUuvYLQ@mail.gmail.com> <53ac606e-2c27-4fb9-a456-4787f1747406@cs.tcd.ie>
In-Reply-To: <53ac606e-2c27-4fb9-a456-4787f1747406@cs.tcd.ie>
From: Deb Cooley <debcooley1@gmail.com>
Date: Thu, 18 Apr 2024 15:25:41 -0400
Message-ID: <CAGgd1OeHPGMriR6HYtOkwgD=_M1M=CNggjMRE=4rb+gTVKP2EA@mail.gmail.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Cc: Watson Ladd <watsonbladd@gmail.com>, IETF SAAG <saag@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000008806c2061663f0a4"
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/ZWLVwF8Lfr7zVRDvvn6pX1cCsNY>
Subject: Re: [saag] CFRG, CFRG crypto review panel and IETF consensus
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 18 Apr 2024 19:25:58 -0000

SSH:  As it happens the SSH draft asked for a code point last year, and it
was approved (in Nov 2023).  We are working to make sure that code point is
visible on the IANA registries.

Where we go from here is dependent on the SSH community's desires.

Deb Cooley
Sec AD

On Thu, Apr 18, 2024 at 3:04 PM Stephen Farrell <stephen.farrell@cs.tcd.ie>
wrote:

>
> Hiya,
>
> On 18/04/2024 18:18, Watson Ladd wrote:
> > Dear SAAG,
> >
> > I am quite confused about how the relation between IETF work and CFRG
> > work and the crypto review panel is supposed to work. In the SSH
> > NTRUPrime discussion it appears that a negative report from the crypto
> > review panel is reason not to standardize an algorithm choice or
> > register it in the IETF space for a protocol, and that this comes
> > without discussion of the merits and consensus among even the CFRG
> > participants.
>
> I agree the above has been stated as being the case and
> would be hugely problematic. Even a CFRG consensus that
> something is bad ought not by itself be sufficient reason
> to block the IETF, never mind a crypto panel review that
> wasn't a topic of discussion. It's ok that either thing
> is weighed in reaching a conclusion but there should be
> no vetoes.
>
> I think it'd be good if this situation were clarified.
>
> Cheers,
> S.
>
> >
> > I don't recall this being the way things used to work, and I think its
> > had very negative effects on the way the CFRG functions, as well as
> > stretching the IETF/IRTF distinction beyond the breaking point. Simply
> > put having knock out contests like we did for curves and PAKES,
> > combined with an endless series of reviews and last calls creates some
> > very adversarial debates and raises tensions and hampers cooperation.
> > It also moves away from the running code part and rough consensus: if
> > a group of people have made choices that work for them, we now make
> > ourselves irrelevant by saying no rather than trying to accommodate
> > their concerns. The CFRG review panel is not well placed to have these
> > conversations as it knows nothing of the broader context and has very
> > limited interaction with the proposal.
> >
> > It also puts the CFRG into a place where it is making standardization
> > choices that properly being to the IETF, and not even the CFRG but a
> > subpanel. The massive backlog of documents results in part from an
> > extremely lengthy process even after RGLC, which I think results in
> > part from the higher perceived stakes.
> >
> > This isn't to say that we should abandon security examination of
> > proposed algorithms, but it's pretty clear that we have treated
> > cryptographic primitives very differently in ways that undermine core
> > principles of the IETF process.
> >
> > Sincerely,
> > Watson Ladd
> >
> _______________________________________________
> saag mailing list
> saag@ietf.org
> https://www.ietf.org/mailman/listinfo/saag
>

v2.23.0 | Report a Bug | By Email