Re: [saag] CFRG, CFRG crypto review panel and IETF consensus
Watson Ladd <watsonbladd@gmail.com> Sat, 20 April 2024 02:07 UTC
Return-Path: <watsonbladd@gmail.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8A3A3C169410 for <saag@ietfa.amsl.com>; Fri, 19 Apr 2024 19:07:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.098
X-Spam-Level:
X-Spam-Status: No, score=-7.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HvQo0qSbh4rN for <saag@ietfa.amsl.com>; Fri, 19 Apr 2024 19:07:22 -0700 (PDT)
Received: from mail-wr1-x435.google.com (mail-wr1-x435.google.com [IPv6:2a00:1450:4864:20::435]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 13CADC16940F for <saag@ietf.org>; Fri, 19 Apr 2024 19:07:22 -0700 (PDT)
Received: by mail-wr1-x435.google.com with SMTP id ffacd0b85a97d-346f4266e59so1778204f8f.3 for <saag@ietf.org>; Fri, 19 Apr 2024 19:07:21 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1713578840; x=1714183640; darn=ietf.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=sCPZj5QcxMJuFH3tBDxs4cs4yfTvBmEScUm7uUOFxO8=; b=jD2p0O3HWXHDnXyWEakfciHrJgWjVs7MqslixtRU9oJe/eBmvUujj38ZEKxHOuQHFn PjEs7mobxKkmP78nGV+hXl5cwMqemyLHQXddEQMZFFW1x8zNONWu2KOSkTPC/vmOVk5S mUL/yTHXTBdqfI2s3mAtmLCVNfu/ODrMKqP7FR0Ek+twraqVGp70kCG+HV6NeYLQuNR2 ruL8vm5CWNkI0b85LBQWhJgT6eCgjuQ+dQUDatxuiBCdUSm8Z/Kt08IKpkhkphE0X8RY T3y+jdfiHt9n1IVGl7K6Iz1aY8ekBLXIxJQ5+KDDlv56C13rpv23PaXSLNw4/aJKg1fh zpYQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1713578840; x=1714183640; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=sCPZj5QcxMJuFH3tBDxs4cs4yfTvBmEScUm7uUOFxO8=; b=eNcyCt35sRm+h/JeT533LxMcGu9h6wiwVsluEUl/Cbz1+Z5ACWZxS8QBBawuBRo1iO 6R/ZOUrbhyriRN6Z8E0F7xJMozl/DH//bcqFrVx+MkQpng2oQJI+kcmS0Sf1B+T+94YT zGh3+rXTDKn3jXk1l6g3RSfDaGNz67QUnRBtU1MuPTfI1AA9fQBIarTznxpPZ2MFqr7Y m4Nyd2eaCXP2nzwcoC27JvbGesHwgUK5NaJHNMUsMmcTbZuAKqGCpR7OUsGq3hJ6GX2H aHtpVyx5VPEVrpMikMAx0hBg3NuXf/cJWbtL8CpsOD1LX8Zb6HwG3ljWjSqdR4yauLAw m7sg==
X-Gm-Message-State: AOJu0YzSAVAFXuhdk8nrZ542vOXf/LVw1tWKCFnRvOgr1/ZJIr6PJyE4 aEWf3ZWX5u7w6qfd3lo+MpxkRm4hPlYOysmD49jjY2M6STuHiNTLNSabcUVXGISn8W/31XbA/er tFD3+ocYQGEUau8g7BSA6/e0avQY=
X-Google-Smtp-Source: AGHT+IGAV2DPvT0YshdVudSpJ3wZkOkyQ4gJA1ARsql3/pfgW6s1cuM7Z5J2DiGWHYjTW27PqzG4X0Hotzrrq39veLM=
X-Received: by 2002:a5d:514c:0:b0:34a:6a6b:e6eb with SMTP id u12-20020a5d514c000000b0034a6a6be6ebmr1698393wrt.25.1713578839685; Fri, 19 Apr 2024 19:07:19 -0700 (PDT)
MIME-Version: 1.0
References: <CACsn0cn_G=aAB_XdNrEoxfdPkKucjC4RRvNhtns=zR7bUuvYLQ@mail.gmail.com> <CAGL5yWYcFid=5HMwWgXfa7GCJhvTsWOgcNSPwXMkbycN7=j=Nw@mail.gmail.com>
In-Reply-To: <CAGL5yWYcFid=5HMwWgXfa7GCJhvTsWOgcNSPwXMkbycN7=j=Nw@mail.gmail.com>
From: Watson Ladd <watsonbladd@gmail.com>
Date: Fri, 19 Apr 2024 19:07:08 -0700
Message-ID: <CACsn0ckxm21Sz4Puo3Grzyu84DeL59PriXrQ6uJTo-Au+NCoPw@mail.gmail.com>
To: Paul Wouters <paul.wouters@aiven.io>
Cc: IETF SAAG <saag@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/aRXq1EnzJXgxIJ4uSaoD4cNBpns>
Subject: Re: [saag] CFRG, CFRG crypto review panel and IETF consensus
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 20 Apr 2024 02:07:22 -0000
On Fri, Apr 19, 2024 at 5:43 PM Paul Wouters <paul.wouters@aiven.io> wrote: > > > On Thu, Apr 18, 2024 at 1:18 PM Watson Ladd <watsonbladd@gmail.com> wrote: >> >> Dear SAAG, >> >> I am quite confused about how the relation between IETF work and CFRG >> work and the crypto review panel is supposed to work. > > > The IESG, IAB and the ISE are hoping to clear this up. I would like to have a discussion where people who participate in the relevent fora and draft authors can raise their concerns. Saying the IESG, IAB and ISE are going to come on from on high to sort it doesn't fill me with confidence. The SSH draft prompted me to write the email, but as I've said in other emails, it isn't a great example of the problem. > > >> >> Simply >> put having knock out contests like we did for curves and PAKES, >> combined with an endless series of reviews and last calls creates some >> very adversarial debates and raises tensions and hampers cooperation. > > > Right. I guess part of that is that the CFRG should ideally be one step away from the implementers of the algorithms, but what > we are seeing is a lot of of them spearheading their own algorithms. This makes it harder for the CFRG as a community to be > seen as a more independent evaluator of the wider (outside IETF) cryptographic community. It's been a decade since CFRG decided to standardize a PAKE. The draft of the contest winner (not something that IETF ever does well) that everyone agrees is the best has taken 4 years since the contest was held to be published. Then the SPAKE2 draft got published without a consensus statement despite having gone through RGLC, as well as being referenced by a Kerberos draft. CPACE, which is the winner in the other category has likewise not been published, and the feature that let it edge out SPAKE2 proved to be pretty problematic in the actual writing and integration with IETF protocols. I don't think any of this was because implementors (distinct from people who write papers) were participating. Generally that's a positive: someone has to make the running code after all, and groups with a tight integration between participant and implementor do function well at the IETF. RFC 9497, and assorted drafts took five years. Thankfully blind RSA took a comparatively speedy 2 years. This isn't a terribly rewarding environment for young academics, who face evaluation on similar timescales. It's difficult to justify the effort even commercially if it isn't really needed to get things out there. > > SSH was one of the last IANA registries we fixed a few months ago to be able to get new code points without needing RFCs. So if anything, we have > lately _improved_ our process to allow people to run whatever crypto they want to run. The IETF is not blocking anyone from using their favourite cryptography > within IETF protocols. > > The value of an RFC comes from the IETF/IRTF communities and their careful considerations, consensus forming, operational experience and maintenance of > the specifications defined. That having an RFC number can act as a status symbol for nation states, algorithm authors, enterprises, competitions and others, and > that vendors use RFC numbers to allocate their own limited engineering capabilities is unfortunate. If vendors didn't think that they should support RFCs that were applicable above their own proprietary extensions or alternate standards, there wouldn't be any consensus forming worth noting. And if standardization didn't matter to authors, people wouldn't participate. I don't think having the RFC number is inherently attractive enough to justify spending the sums on travel that participants and their employers do to participate. Rather it's because there is value in having the way things work be broadly agreed upon and not exclude anyone that the IETF is valuable to participate in and hence becomes the forum for operational experience and maintenance to be shared. OpenSSL has a policy of only adding features to TLS that have an RFC finished, and are very reluctant to add things without a spec. So for a large proportion of the internet, either there is an RFC or it will never get made for the single most important cryptographic protocol. In the case of cryptographic algorithms there are ways around it, but for protocol features it's a challenge. > > RFCs have a cost and as you have seen, resources within the IETF and IRTF are limited. Choices need to be made and we try to have community processes to steer this while > being flexible enough to cater to exceptions. The goal of the IETF is to make the internet work better. RFCs are just one part of that. > > Again, stay tuned for the IESG, IAB and ISE trying to bring more clarity to the specific processes related to cryptography. > > Paul > -- > bad type setting is solely the fault of gmail :) Sincerely, Watson Ladd -- Astra mortemque praestare gradatim
- [saag] CFRG, CFRG crypto review panel and IETF co… Watson Ladd
- Re: [saag] CFRG, CFRG crypto review panel and IET… Stephen Farrell
- Re: [saag] CFRG, CFRG crypto review panel and IET… Salz, Rich
- Re: [saag] CFRG, CFRG crypto review panel and IET… Deb Cooley
- Re: [saag] CFRG, CFRG crypto review panel and IET… Salz, Rich
- Re: [saag] CFRG, CFRG crypto review panel and IET… Deb Cooley
- Re: [saag] CFRG, CFRG crypto review panel and IET… Eric Rescorla
- Re: [saag] CFRG, CFRG crypto review panel and IET… Stephen Farrell
- Re: [saag] CFRG, CFRG crypto review panel and IET… Eric Rescorla
- Re: [saag] CFRG, CFRG crypto review panel and IET… Stephen Farrell
- Re: [saag] CFRG, CFRG crypto review panel and IET… S Moonesamy
- Re: [saag] CFRG, CFRG crypto review panel and IET… Simon Josefsson
- Re: [saag] CFRG, CFRG crypto review panel and IET… Paul Wouters
- Re: [saag] CFRG, CFRG crypto review panel and IET… Watson Ladd
- Re: [saag] CFRG, CFRG crypto review panel and IET… Eliot Lear
- Re: [saag] CFRG, CFRG crypto review panel and IET… Salz, Rich
- Re: [saag] CFRG, CFRG crypto review panel and IET… Paul Wouters
- Re: [saag] CFRG, CFRG crypto review panel and IET… Yoav Nir
- Re: [saag] CFRG, CFRG crypto review panel and IET… Michael Richardson
- Re: [saag] CFRG, CFRG crypto review panel and IET… Michael StJohns
- Re: [saag] CFRG, CFRG crypto review panel and IET… Melinda Shore
- Re: [saag] CFRG, CFRG crypto review panel and IET… Watson Ladd