IETF Logo Mail Archive

Re: [saag] CFRG, CFRG crypto review panel and IETF consensus

Eric Rescorla <ekr@rtfm.com> Thu, 18 April 2024 20:15 UTC

Return-Path: <ekr@rtfm.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9D888C14F6ED for <saag@ietfa.amsl.com>; Thu, 18 Apr 2024 13:15:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.893
X-Spam-Level:
X-Spam-Status: No, score=-6.893 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20230601.gappssmtp.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IqvyGhLVRDc1 for <saag@ietfa.amsl.com>; Thu, 18 Apr 2024 13:15:14 -0700 (PDT)
Received: from mail-yw1-x1130.google.com (mail-yw1-x1130.google.com [IPv6:2607:f8b0:4864:20::1130]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D58E3C14F6FE for <saag@ietf.org>; Thu, 18 Apr 2024 13:14:04 -0700 (PDT)
Received: by mail-yw1-x1130.google.com with SMTP id 00721157ae682-61587aa956eso13820797b3.1 for <saag@ietf.org>; Thu, 18 Apr 2024 13:14:04 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20230601.gappssmtp.com; s=20230601; t=1713471244; x=1714076044; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=ZhjYFw1fGsXBpBk6Q3Sp32dTPvSWuaGpQlleFgP/O7I=; b=FJJ4d0ri5KbzNIzgPOOS62pH4v9TbeRg6wM0ciM0s4eBXTBXQRFpDXbUMSGC9X55pg w9ybNBo1LIbD2yDjrA0F75nRCljl8xKlX6rDBKjgBUX60RMVptlCkKUYnW/e7CwgNjCX NeWthTIuU1aQuFSnBO3JWe0h1wwN+HYe8OlT4DgS/KFTx5tTjHXpdAHDdM9VM9lAW2eO 89T/w+oqMrEuNA3baim1Gd/WKGjhQG3zDC0okL5O7tPh0x8Rx6mSHVPElDMoy7+VXe7v ZqXItW+yExBSpn63lwXc6jkdFJZXS/nnDPpCkKIQauJZY691snvg2AAg3QE1HtqJGr8E kcKQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1713471244; x=1714076044; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=ZhjYFw1fGsXBpBk6Q3Sp32dTPvSWuaGpQlleFgP/O7I=; b=TAVDm/ssuNbSD3ZME/ekNTTkA3wDuT4riER8UfymqaXRCwNIk+R4X3zotY4ulTgqzZ x4EtqMVA0ig6CxEFfwiifAvVDAU8LHFN1gDp4nn2mGBo2DcilkrhO4sTcm4wi7sKnWHM m044DMcAa5VQRtYtnokpgiwz5aZmeFA8uER3x3qghpekzLuYKhjS9+WmqA5tniLRyoZp t3sZhBvWDVxoScMjCpTiFxiagaqxT0EZGBJ/wBvYpoUZgET48GGK08swdY2hIwsu8ZPg YdIpFR4JBSNNRdyS26skPlSgzJq+3DecwWTIUwR2JNyARJ8yuKUtFGlvna5yUq+wjT8j Kyng==
X-Forwarded-Encrypted: i=1; AJvYcCXJcMuFIUzREURFKPlEQZH0P9aH5NqSw6upLcJt7IwPKiz8FUIdPCrH/OjQ+5WtjQHK70N2cz6B7xWuahZO
X-Gm-Message-State: AOJu0Yymu3YXSBk7nzH9hFIMgfX7SZypGdJ8TCh5E44MjQj/7wdbc1RH l0DmAAG0QrKbz/5NEDsa5hirF3EMVbo3q0od1qAx3/W5rfl1n9fbFDBlRRMZBPMEopCz7AcBFpu xZBUFtH7y0UQI0OZq0l5YehXch70bpnHQQYcUMA==
X-Google-Smtp-Source: AGHT+IFjUufgIRi86A6EKk4potnoBG19NiON78GTm9UUP465ozv8Q1eDkw3XUMeEzmLsXrAlOSNKhZBguOfbZIO05yo=
X-Received: by 2002:a25:aaa4:0:b0:de4:2e6:a2a5 with SMTP id t33-20020a25aaa4000000b00de402e6a2a5mr4557020ybi.55.1713471243714; Thu, 18 Apr 2024 13:14:03 -0700 (PDT)
MIME-Version: 1.0
References: <CACsn0cn_G=aAB_XdNrEoxfdPkKucjC4RRvNhtns=zR7bUuvYLQ@mail.gmail.com> <53ac606e-2c27-4fb9-a456-4787f1747406@cs.tcd.ie>
In-Reply-To: <53ac606e-2c27-4fb9-a456-4787f1747406@cs.tcd.ie>
From: Eric Rescorla <ekr@rtfm.com>
Date: Thu, 18 Apr 2024 13:13:26 -0700
Message-ID: <CABcZeBPFXOzvwLdO_KFfaWmQsGD8HcuO14X5aPap09rEHwi8Og@mail.gmail.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Cc: Watson Ladd <watsonbladd@gmail.com>, IETF SAAG <saag@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000d0a1cd0616649c19"
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/k84anioYSzbq0EBboRFjxpwz0ho>
Subject: Re: [saag] CFRG, CFRG crypto review panel and IETF consensus
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 18 Apr 2024 20:15:18 -0000

On Thu, Apr 18, 2024 at 12:04 PM Stephen Farrell <stephen.farrell@cs.tcd.ie>
wrote:

>
> Hiya,
>
> On 18/04/2024 18:18, Watson Ladd wrote:
> > Dear SAAG,
> >
> > I am quite confused about how the relation between IETF work and CFRG
> > work and the crypto review panel is supposed to work. In the SSH
> > NTRUPrime discussion it appears that a negative report from the crypto
> > review panel is reason not to standardize an algorithm choice or
> > register it in the IETF space for a protocol, and that this comes
> > without discussion of the merits and consensus among even the CFRG
> > participants.
>
> I agree the above has been stated as being the case and
> would be hugely problematic. Even a CFRG consensus that
> something is bad ought not by itself be sufficient reason
> to block the IETF, never mind a crypto panel review that
> wasn't a topic of discussion. It's ok that either thing
> is weighed in reaching a conclusion but there should be
> no vetoes.
>

As far as I can tell this isn't "blocking the IETF".  This is an individual
submission,
AD sponsorship of individual drafts is entirely at AD discretion, and Paul
has
opted not to sponsor.

It would obviously be different if there were IETF consensus to form a WG
and publish this draft and someone were citing the CFRG as a veto point,
but that's not what's happening here.

-Ekr


>
> I think it'd be good if this situation were clarified.
>
> Cheers,
> S.
>
> >
> > I don't recall this being the way things used to work, and I think its
> > had very negative effects on the way the CFRG functions, as well as
> > stretching the IETF/IRTF distinction beyond the breaking point. Simply
> > put having knock out contests like we did for curves and PAKES,
> > combined with an endless series of reviews and last calls creates some
> > very adversarial debates and raises tensions and hampers cooperation.
> > It also moves away from the running code part and rough consensus: if
> > a group of people have made choices that work for them, we now make
> > ourselves irrelevant by saying no rather than trying to accommodate
> > their concerns. The CFRG review panel is not well placed to have these
> > conversations as it knows nothing of the broader context and has very
> > limited interaction with the proposal.
> >
> > It also puts the CFRG into a place where it is making standardization
> > choices that properly being to the IETF, and not even the CFRG but a
> > subpanel. The massive backlog of documents results in part from an
> > extremely lengthy process even after RGLC, which I think results in
> > part from the higher perceived stakes.
> >
> > This isn't to say that we should abandon security examination of
> > proposed algorithms, but it's pretty clear that we have treated
> > cryptographic primitives very differently in ways that undermine core
> > principles of the IETF process.
> >
> > Sincerely,
> > Watson Ladd
> >
> _______________________________________________
> saag mailing list
> saag@ietf.org
> https://www.ietf.org/mailman/listinfo/saag
>

v2.23.0 | Report a Bug | By Email