IETF Logo Mail Archive

Re: [saag] CFRG, CFRG crypto review panel and IETF consensus

Stephen Farrell <stephen.farrell@cs.tcd.ie> Thu, 18 April 2024 20:25 UTC

Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 46D3DC14F6FD for <saag@ietfa.amsl.com>; Thu, 18 Apr 2024 13:25:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.997
X-Spam-Level:
X-Spam-Status: No, score=-6.997 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=cs.tcd.ie
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BKfyHgKCyvI3 for <saag@ietfa.amsl.com>; Thu, 18 Apr 2024 13:25:15 -0700 (PDT)
Received: from EUR03-DBA-obe.outbound.protection.outlook.com (mail-dbaeur03on2131.outbound.protection.outlook.com [40.107.104.131]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2CF24C14F70C for <saag@ietf.org>; Thu, 18 Apr 2024 13:25:14 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=D0hrkuqE4jQTSM/F9g5slig0Gm+A2Vw8SUOVrw1Osnu6IuR8GAxBB0HyIRc1FjGOC+7618fVj0a8hXcJTG/DanNO2n/vyC43J/ZI/jPnQPyCmZS79X2ntQVv1syxRoYiuUkV/uKozizcBdVJcckW+RomZtKXo6aHDPFHwkL/OmcuHnqdENBMIG//ti8OrAWKvVSuqmz6TSgTO3Z/kbkt7VJDmKa+MvWR6cVVuPbPy9yHolZ4EENjaOxZox2IEkaUFbobvJGOxF0GpAgOwo2z9lQpfT/HhdERHdC2VN6xj/C6YpLCGAq5+9CpGePSeExRKRkpyTCK6MNYT16eEJB+Qw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=JJ3K1J3M2m93GY9AHzbUVqHgu6xTqqDSD+I2eeQFKs0=; b=eLWpHOP9oX2uzcQ6wMYtxciQZoN1Xo8fYxBYekaccgWrMAAOMFD6vecZ+ycWOCE7MrCNknT27Z2Pqsh7jXsoqRyXsBrcPPYsucY5rwsnH0FsLn5OFWMnAPKCEUAjM4O5jLqt1BPLJFT60k+qGED5vw41YK2QHMVQIx/WKE5j9S5mIuv7u1cgNJkaYNBlO+8oCNU2muLrv7NUeLTVx9NgURsHs7mZqd8s+/Q2OFQArWBnlcsebspvJFEDQf+jRq7QiKw0TW/bw+CIts9W1hA+5HiSgDwRGjWe3WeYZdEBq3rcIFds7Qw3/VxVCMyMSVIYxCgnKlJHJkZu/poyedZERA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cs.tcd.ie; dmarc=pass action=none header.from=cs.tcd.ie; dkim=pass header.d=cs.tcd.ie; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cs.tcd.ie; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=JJ3K1J3M2m93GY9AHzbUVqHgu6xTqqDSD+I2eeQFKs0=; b=mswsihvBH7lFaWy1PPU65ayiXXW0FGv6uZZHeHGjlEApauHWDRzKzxyxgMp7LJL1TmmCS6gObvM5rd4XRMcbk6RdCBRXeNq25lzqEmQRc1vrVN+OxgHNJpND1yFw/4WJFmbpBK3QQQwYAhbWWIc/hRHWnU+aRUNoBmOZJteQCykZx97F5ccS5FVz4/Sfh7KBnYHe8dLak2hsFZ3SeOF+NLrr4oa0boXRjbdRoUgqK4ZnCCKRoF1lADgkWto/9xXl8CbDzZFNZyfQtJRYxFwhUxxDBqMk1MAk3uWW9RPfm01tdGDT826aiNhmlbKyC3ikxqm9SVRsxdAwyn12sFQzVw==
Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=cs.tcd.ie;
Received: from DB7PR02MB5113.eurprd02.prod.outlook.com (2603:10a6:10:77::15) by AS2PR02MB10386.eurprd02.prod.outlook.com (2603:10a6:20b:5fe::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7472.39; Thu, 18 Apr 2024 20:25:11 +0000
Received: from DB7PR02MB5113.eurprd02.prod.outlook.com ([fe80::4421:1ca6:59b4:20c9]) by DB7PR02MB5113.eurprd02.prod.outlook.com ([fe80::4421:1ca6:59b4:20c9%7]) with mapi id 15.20.7472.037; Thu, 18 Apr 2024 20:25:11 +0000
Message-ID: <4362f680-59ea-4d1f-b4c0-855f34de5b6f@cs.tcd.ie>
Date: Thu, 18 Apr 2024 21:25:09 +0100
User-Agent: Mozilla Thunderbird
To: Eric Rescorla <ekr@rtfm.com>
Cc: Watson Ladd <watsonbladd@gmail.com>, IETF SAAG <saag@ietf.org>
References: <CACsn0cn_G=aAB_XdNrEoxfdPkKucjC4RRvNhtns=zR7bUuvYLQ@mail.gmail.com> <53ac606e-2c27-4fb9-a456-4787f1747406@cs.tcd.ie> <CABcZeBPFXOzvwLdO_KFfaWmQsGD8HcuO14X5aPap09rEHwi8Og@mail.gmail.com>
Content-Language: en-US
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Autocrypt: addr=stephen.farrell@cs.tcd.ie; keydata= xjMEY9GzphYJKwYBBAHaRw8BAQdAo6JvjmSbxHdQWPZdvciQYsHhM1NxQBU398Mmimoy4p7N M1N0ZXBoZW4gRmFycmVsbCAoMjU1MTkpIDxzdGVwaGVuLmZhcnJlbGxAY3MudGNkLmllPsKQ BBMWCAA4FiEEMG54R8tZDyZFrDOn5Njp+ZeoM90FAmPRs6YCGwMFCwkIBwIGFQoJCAsCBBYC AwECHgECF4AACgkQ5Njp+ZeoM93bogEA25ElRyX0wwg+kGEN1AoL60MoZfvQZ/VtmXY6IC5j +csBAIBpkL5ySuzJK2zLNZn9qQGht8IaUcA7cvDcLvS2uHUEzjgEY9GzphIKKwYBBAGXVQEF AQEHQILCPWOwW36e8D3pY8GmvvtItIT+A5uV80ist+WokVsQAwEIB8J4BBgWCAAgFiEEMG54 R8tZDyZFrDOn5Njp+ZeoM90FAmPRs6YCGwwACgkQ5Njp+ZeoM92bcAEA8R+8cpqRUIS+SoAN iO05xE6O/wEx8/e88BqzAYki3SoBAOQdwiPX+MQrAxkWD8xxOsdMOAtxYKpkD1n8aPJUw6QJ
In-Reply-To: <CABcZeBPFXOzvwLdO_KFfaWmQsGD8HcuO14X5aPap09rEHwi8Og@mail.gmail.com>
Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="------------N00JJAwX5B1rpVNP2MsKxAIb"
X-ClientProxiedBy: DUZPR01CA0329.eurprd01.prod.exchangelabs.com (2603:10a6:10:4ba::28) To DB7PR02MB5113.eurprd02.prod.outlook.com (2603:10a6:10:77::15)
MIME-Version: 1.0
X-MS-Exchange-MessageSentRepresentingType: 1
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: DB7PR02MB5113:EE_|AS2PR02MB10386:EE_
X-MS-Office365-Filtering-Correlation-Id: 2077ef77-9368-466b-f947-08dc5fe5a5a6
X-MS-Exchange-SharedMailbox-RoutingAgent-Processed: True
X-TCD-Routed-via-EOP: Routed via EOP
X-TCD-ROUTED: Passed-Transport-Routing-Rules
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: Fdck8Mxo3Bx3GBdvvrlUw9J85GDnJnmwmfGFLdU8YWFQ/oqqziipfkFFMTCxOdGeuO1lsPlxblDgo6CMbbKjp41T5NPxwSRecYs6H0LibxVl4gqCzKV86t/w+VTSy5uCY/6UPT0+TgrThtuPBFNAywiG1J5GD2N79AvBwj5i4omDiJQwqpq2mX9fgmJOMUNYq7OsjixmnSXS+rt7LYA34vwRnxxBgNro68FfrUuwhsvlJB0kpicYL/CugcJmoiAtiy+25VYo0K0S91OEk1G6yu3VCvP+8v5ox3lH/bfgBlPyV7P2AmA2tSZjXpjbOABzx0Eg+9dJmyxUw3sCznzxmOOgkROzVY4q+pyLxdJ61lg3zZtW2FEJzeEgLl/5VijtH8SK8L+nUpSkdV+K3s617wH3CDpKWSMFyVMgasbpBMIvbca0VFxLFEaxCWrZBfOJyFK8nXvetCM9xvR5tth1Kein/Q0EWJOmI0vhTnyiulCmMkvEaiWTgRaau87fxxLq82BxiF8iT+AbaSikRGxP28nyopE+/8wT+nnc/lP2Gc9IW8Ba8x6jd7dnpdiDb39mdfFcihVAHUDYadrRJjorA0Jkl+vUmbY8a6LFxAI1KP9fVtTmXcA/nnMt4P44QhtO4LdrxTW76ZEedMP97iJ/yexXDgD1oQblEjuNaDRobX4=
X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DB7PR02MB5113.eurprd02.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230031)(1800799015)(376005)(366007); DIR:OUT; SFP:1102;
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: nCwYpgMI6bvKKdBh1e5l+riBJ9SjjgXEGB0lvzA1iu+TEMt7oYQi/L7Z29SGcDL8p1awpUkVHjDvlJbRn2Xfd0GfV3iYZZVow52l/NmPLyW2K54S+GHByRNb4aGqnse3msMDz4hc0JtIbYRYit8jNgx3XejN/KpQ7OrSUVIpF0QcQ9A3MHAiWlHtmcxv+rWqfria5rJE/m1/KcwtRSsDe7TTBT5fy06R/X16CEb5nww1nOL0abDkD3QgmfWRytftlOPkCDpUiblJ2VjVCD/1aHGpZHGYjc5eG9rYJ0FxPlZAElvzTlJw8wh9ZprBVQvf2riUE6+hT5Aaze5XW7g9UXz0o5OOD09PuW2N16Y2xGS1KySsy+ph9RAmlRVDw3rANPQXZA2F2+G+iHVGZum9GpRTKjn4ypB0VaYD+CpsIc4IFr5F5VJ5EndAwO8jnnfch3mC0UEmREbZ3Y5h8CRO8qTUAOMcTdlyyyG+7Ki2/AWFeicnsYzTVvj85XAsgQW57kuh0w704/sCAHUx1ZznOIHnXxmNHAvCt5LqW1nJXpsE4nIaG7oUoKAxsjujaE4ThnUtEsyKq+SsIp2DzA+DZ7cHe6MiPhnkbyshrVzOGMUQbI0ADoa18uv8EYiQuOtJTcgMTwF0Ib/WrraIxmb5pa9XsomAVbLIFNa1p8rPOFyJ4OVinvoYFaXud5wRuWla5ijkyug6t/wkICSqHSXMkyRW3NSr6Pjrqk/2TSZrS9NnmGhqphksrYUviZvGqd04USxhaQMulalDREjM5DMeIQT8Bjs3nUZkl7V89bplsNb9VWraCnj4O+TXefYrEtwjbThs874WY15lcA996qndKLfw/9AMerHgLJh2wq9dcaKFoZxU9D6FnFTQLGsZqNKbNzHK7IPezfwiTLW+JzfaRTcgOGUAquGbW7otEgI4t1PucPnDSJMGfP8Yz/WwBCthLkEw3JUSA69iItxNIaUp9w7z0YUXUsOcPUL1lkLsoUygogNNlFklaSRLJxeKk5BQ/ubxFYyb/UMDcqghnR7XgJB7auXbRwAnFMEADwdri9/aO/yuIV6HYsbSK0WBpfpzYWEUMl4cb0zcAhnQ0FTfF4ro5wo6PcqKwJg0STt5ot8DV5T9wpd4zrp2MdICZoJ5QmHlSCJDPQ9qyqaXf6IUafVyylvF+IZK3xBqJm/TLGj7q3phkuSnHO2xos9yKDdt1iPR8ORjCW/i98Mstf2nPnSioIj6dfJznsyzRGAm3YamLy/xVVihchMqN26PmBpca4er1r0bEY8k3JJmDzsaJ3deaWITTno7Fd6cSweNSL5ZNGFSzUBA1qDQTDgPD1x0EjlR/vhuQqub/vaVtu11nqxlf5d0w1576irPbTc0I31KL9j61LU6XN+l3TNDMasS0oaTCANQfvjPJ3zJ6K3XN5qUK5Gtzr7K3IngClPf2T7xu/NXg7iKXwY8GOgdjm4E9rWvEb4RlAiMPlLlqaP+DNE5Wpei53JIBtKxpFS4RJdLaf4hS4LL6l89ICFthtPO92e6+fyE1rqLSjZgIALQzuGHUnz7EugyAb0Fp+qMUArbwbnx33AYkXjoxb8M1ZrdhteyuGgiNT+FNbyxT9bA+VwEpLczU1t/K+i+TF8dADCuEkNBjeDDLw4fhWik96Eh
X-OriginatorOrg: cs.tcd.ie
X-MS-Exchange-CrossTenant-Network-Message-Id: 2077ef77-9368-466b-f947-08dc5fe5a5a6
X-MS-Exchange-CrossTenant-AuthSource: DB7PR02MB5113.eurprd02.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 18 Apr 2024 20:25:11.4418 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: d595be8d-b306-45f4-8064-9e5b82fbe52b
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: lAOBp3rAt5ORiV8J2pO0a7xyaJkCEYXYV26YtBzxckkMP2pppdu5kAzI/koYp0oK
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AS2PR02MB10386
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/a6U46fCPqmZbzWFWWn6dRkzvzac>
Subject: Re: [saag] CFRG, CFRG crypto review panel and IETF consensus
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 18 Apr 2024 20:25:20 -0000

Hiya,

On 18/04/2024 21:13, Eric Rescorla wrote:
> On Thu, Apr 18, 2024 at 12:04 PM Stephen Farrell <stephen.farrell@cs.tcd.ie>
> wrote:
> 
>>
>> Hiya,
>>
>> On 18/04/2024 18:18, Watson Ladd wrote:
>>> Dear SAAG,
>>>
>>> I am quite confused about how the relation between IETF work and CFRG
>>> work and the crypto review panel is supposed to work. In the SSH
>>> NTRUPrime discussion it appears that a negative report from the crypto
>>> review panel is reason not to standardize an algorithm choice or
>>> register it in the IETF space for a protocol, and that this comes
>>> without discussion of the merits and consensus among even the CFRG
>>> participants.
>>
>> I agree the above has been stated as being the case and
>> would be hugely problematic. Even a CFRG consensus that
>> something is bad ought not by itself be sufficient reason
>> to block the IETF, never mind a crypto panel review that
>> wasn't a topic of discussion. It's ok that either thing
>> is weighed in reaching a conclusion but there should be
>> no vetoes.
>>
> 
> As far as I can tell this isn't "blocking the IETF".  This is an individual
> submission,
> AD sponsorship of individual drafts is entirely at AD discretion, and Paul
> has
> opted not to sponsor.

I agree it's entirely up to Paul and any AD as to whether
or not to AD sponsor a document. That wasn't what I was
asking be clarified.

To be more concrete: I think at one point Paul described the
crypto panel review as a consensus process which it's not.
The 2nd mis-statement was that an AD should not sponsor
any document that had received a negative opinion from CFRG,
which I think oversteps the bounds of IRTF/IETF interactions.

I'd hope clarifying these things should be straightforward.
(And has nothing to do with SSH.)

Cheers,
S.

> 
> It would obviously be different if there were IETF consensus to form a WG
> and publish this draft and someone were citing the CFRG as a veto point,
> but that's not what's happening here.
> 
> -Ekr
> 
> 
>>
>> I think it'd be good if this situation were clarified.
>>
>> Cheers,
>> S.
>>
>>>
>>> I don't recall this being the way things used to work, and I think its
>>> had very negative effects on the way the CFRG functions, as well as
>>> stretching the IETF/IRTF distinction beyond the breaking point. Simply
>>> put having knock out contests like we did for curves and PAKES,
>>> combined with an endless series of reviews and last calls creates some
>>> very adversarial debates and raises tensions and hampers cooperation.
>>> It also moves away from the running code part and rough consensus: if
>>> a group of people have made choices that work for them, we now make
>>> ourselves irrelevant by saying no rather than trying to accommodate
>>> their concerns. The CFRG review panel is not well placed to have these
>>> conversations as it knows nothing of the broader context and has very
>>> limited interaction with the proposal.
>>>
>>> It also puts the CFRG into a place where it is making standardization
>>> choices that properly being to the IETF, and not even the CFRG but a
>>> subpanel. The massive backlog of documents results in part from an
>>> extremely lengthy process even after RGLC, which I think results in
>>> part from the higher perceived stakes.
>>>
>>> This isn't to say that we should abandon security examination of
>>> proposed algorithms, but it's pretty clear that we have treated
>>> cryptographic primitives very differently in ways that undermine core
>>> principles of the IETF process.
>>>
>>> Sincerely,
>>> Watson Ladd
>>>
>> _______________________________________________
>> saag mailing list
>> saag@ietf.org
>> https://www.ietf.org/mailman/listinfo/saag
>>
>

v2.23.0 | Report a Bug | By Email