IETF Logo Mail Archive

Re: [saag] CFRG, CFRG crypto review panel and IETF consensus

"Salz, Rich" <rsalz@akamai.com> Thu, 18 April 2024 19:06 UTC

Return-Path: <rsalz@akamai.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 55918C14F601; Thu, 18 Apr 2024 12:06:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.841
X-Spam-Level:
X-Spam-Status: No, score=-4.841 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-2.049, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=akamai.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Wq390sOFJm-I; Thu, 18 Apr 2024 12:06:33 -0700 (PDT)
Received: from mx0a-00190b01.pphosted.com (mx0a-00190b01.pphosted.com [67.231.149.131]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B6C58C14F5F6; Thu, 18 Apr 2024 12:06:33 -0700 (PDT)
Received: from pps.filterd (m0409408.ppops.net [127.0.0.1]) by m0409408.ppops.net-00190b01. (8.17.1.24/8.17.1.24) with ESMTP id 43I2DCtB027413; Thu, 18 Apr 2024 20:06:26 +0100
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=akamai.com; h= from:to:subject:date:message-id:references:in-reply-to :content-type:content-id:content-transfer-encoding:mime-version; s=jan2016.eng; bh=DHnPMZk/otAcJgGokc38BH4FsfMpu1VpkeZtLmwUWY0=; b= eRd0+GUvczBTdvdhhfXpD2godIy4O+ev8Wchw1OGQ+AmLyi8SjKYHQx8dWIig5Xk EhX76Yh2p6paMse5rmCWobTO5geSjEQYaBc26IGzt5JtRWKH2LIaJbdBylYdwUyN eF6TL07WD9tAvoScEz4K5y6nSAdsky10DpkJyza6qdik7EytxkRacVz5MpbvXzcu FWNqhPOgG3hCUXTOVRd95wPPa9pF0rJFTUl4RyS9n0a4kOErYAe3dUkRoX5qx0U6 d5aoqLVH04YOtEtFvLy/t8pG22t8kX+CaMNxL2fhq5ievq6AWIMVWZ5atyRXDd7/ aIor0/zpVhWafsIHz7FSVw==
Received: from prod-mail-ppoint8 (a72-247-45-34.deploy.static.akamaitechnologies.com [72.247.45.34] (may be forged)) by m0409408.ppops.net-00190b01. (PPS) with ESMTPS id 3xjstf7wt7-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 18 Apr 2024 20:06:26 +0100 (BST)
Received: from pps.filterd (prod-mail-ppoint8.akamai.com [127.0.0.1]) by prod-mail-ppoint8.akamai.com (8.17.1.19/8.17.1.19) with ESMTP id 43IHsuII005955; Thu, 18 Apr 2024 15:06:25 -0400
Received: from email.msg.corp.akamai.com ([172.27.50.201]) by prod-mail-ppoint8.akamai.com (PPS) with ESMTPS id 3xfncyfxbs-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 18 Apr 2024 15:06:25 -0400
Received: from ustx2ex-dag4mb4.msg.corp.akamai.com (172.27.50.203) by ustx2ex-dag4mb2.msg.corp.akamai.com (172.27.50.201) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.28; Thu, 18 Apr 2024 12:06:24 -0700
Received: from ustx2ex-dag4mb4.msg.corp.akamai.com ([172.27.50.203]) by ustx2ex-dag4mb4.msg.corp.akamai.com ([172.27.50.203]) with mapi id 15.02.1258.028; Thu, 18 Apr 2024 12:06:24 -0700
From: "Salz, Rich" <rsalz@akamai.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, Watson Ladd <watsonbladd@gmail.com>, IETF SAAG <saag@ietf.org>, "cfrg@ietf.org" <cfrg@ietf.org>
Thread-Topic: [saag] CFRG, CFRG crypto review panel and IETF consensus
Thread-Index: AQHakbRrR13rL8G3vEiSZXAPp8gvDbFu2DIA//+9sYA=
Date: Thu, 18 Apr 2024 19:06:24 +0000
Message-ID: <24619CA2-A016-4C5C-ABF3-0F0B045C150A@akamai.com>
References: <CACsn0cn_G=aAB_XdNrEoxfdPkKucjC4RRvNhtns=zR7bUuvYLQ@mail.gmail.com> <53ac606e-2c27-4fb9-a456-4787f1747406@cs.tcd.ie>
In-Reply-To: <53ac606e-2c27-4fb9-a456-4787f1747406@cs.tcd.ie>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/16.83.24033013
x-originating-ip: [172.27.118.139]
Content-Type: text/plain; charset="utf-8"
Content-ID: <C0AA50479A90AD47AD9C9B382D5CD04A@akamai.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-04-18_17,2024-04-17_01,2023-05-22_02
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 adultscore=0 malwarescore=0 mlxscore=0 suspectscore=0 spamscore=0 bulkscore=0 phishscore=0 mlxlogscore=794 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2404010000 definitions=main-2404180137
X-Proofpoint-GUID: hMnc5u6IBF_OjwFbqdezpY5hVOE2AvZh
X-Proofpoint-ORIG-GUID: hMnc5u6IBF_OjwFbqdezpY5hVOE2AvZh
X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-04-18_17,2024-04-17_01,2023-05-22_02
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 priorityscore=1501 malwarescore=0 spamscore=0 adultscore=0 mlxscore=0 impostorscore=0 suspectscore=0 mlxlogscore=710 clxscore=1011 bulkscore=0 phishscore=0 lowpriorityscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.19.0-2404010003 definitions=main-2404180137
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/aH4uJTeKK3x84N8bCVV-cTZEcZI>
Subject: Re: [saag] CFRG, CFRG crypto review panel and IETF consensus
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 18 Apr 2024 19:06:37 -0000

Adding CFRG to the thread .

On 4/18/24, 3:04 PM, "saag on behalf of Stephen Farrell" <mailto:stephen.farrell@cs.tcd.ie> wrote:

Hiya,


On 18/04/2024 18:18, Watson Ladd wrote:
> Dear SAAG,
> 
> I am quite confused about how the relation between IETF work and CFRG
> work and the crypto review panel is supposed to work. In the SSH
> NTRUPrime discussion it appears that a negative report from the crypto
> review panel is reason not to standardize an algorithm choice or
> register it in the IETF space for a protocol, and that this comes
> without discussion of the merits and consensus among even the CFRG
> participants.


I agree the above has been stated as being the case and
would be hugely problematic. Even a CFRG consensus that
something is bad ought not by itself be sufficient reason
to block the IETF, never mind a crypto panel review that
wasn't a topic of discussion. It's ok that either thing
is weighed in reaching a conclusion but there should be
no vetoes.


I think it'd be good if this situation were clarified.


Cheers,
S.


> 
> I don't recall this being the way things used to work, and I think its
> had very negative effects on the way the CFRG functions, as well as
> stretching the IETF/IRTF distinction beyond the breaking point. Simply
> put having knock out contests like we did for curves and PAKES,
> combined with an endless series of reviews and last calls creates some
> very adversarial debates and raises tensions and hampers cooperation.
> It also moves away from the running code part and rough consensus: if
> a group of people have made choices that work for them, we now make
> ourselves irrelevant by saying no rather than trying to accommodate
> their concerns. The CFRG review panel is not well placed to have these
> conversations as it knows nothing of the broader context and has very
> limited interaction with the proposal.
> 
> It also puts the CFRG into a place where it is making standardization
> choices that properly being to the IETF, and not even the CFRG but a
> subpanel. The massive backlog of documents results in part from an
> extremely lengthy process even after RGLC, which I think results in
> part from the higher perceived stakes.
> 
> This isn't to say that we should abandon security examination of
> proposed algorithms, but it's pretty clear that we have treated
> cryptographic primitives very differently in ways that undermine core
> principles of the IETF process.
> 
> Sincerely,
> Watson Ladd
>

v2.23.0 | Report a Bug | By Email