IETF Logo Mail Archive

Re: [saag] SSH & Ntruprime

"D. J. Bernstein" <djb@cr.yp.to> Tue, 16 April 2024 18:22 UTC

Return-Path: <djb-dsn2-1406711340.7506@cr.yp.to>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3AEB6C14F6FD for <saag@ietfa.amsl.com>; Tue, 16 Apr 2024 11:22:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.895
X-Spam-Level:
X-Spam-Status: No, score=-1.895 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BUHAOQ6DoYYE for <saag@ietfa.amsl.com>; Tue, 16 Apr 2024 11:22:23 -0700 (PDT)
Received: from salsa.cs.uic.edu (salsa.cs.uic.edu [131.193.32.108]) by ietfa.amsl.com (Postfix) with SMTP id DC5D9C14F747 for <saag@ietf.org>; Tue, 16 Apr 2024 11:22:22 -0700 (PDT)
Received: (qmail 21551 invoked by uid 1010); 16 Apr 2024 18:22:21 -0000
Received: from unknown (unknown) by unknown with QMTP; 16 Apr 2024 18:22:21 -0000
Received: (qmail 179607 invoked by uid 1000); 16 Apr 2024 18:22:12 -0000
Date: Tue, 16 Apr 2024 18:22:12 -0000
Message-ID: <20240416182212.179605.qmail@cr.yp.to>
From: "D. J. Bernstein" <djb@cr.yp.to>
To: saag@ietf.org
Mail-Followup-To: saag@ietf.org
In-Reply-To: <CAGL5yWZRMJAWifEz9qxSRpkhv44B+_6PzoX9c5GGVpjJ2OWuHQ@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/pKLdOqJpiyZDIrqJjrFuD65tWUc>
Subject: Re: [saag] SSH & Ntruprime
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 16 Apr 2024 18:22:27 -0000

Paul Wouters writes:
> You keep quoting IPR policy without putting it in the proper context.
> It deals with protocols developed within the IETF, eg during the
> working group process. The process for deciding on cryptography is a
> separate process

No. BCP 79's scope includes security, and specifically cryptography.

For example, BCP 79 reports that an "IETF consensus has developed that
no mandatory-to-implement security technology can be specified in an
IETF specification unless it has no known IPR claims against it or a
royalty-free license is available to implementers". The notion that
cryptography is somehow an implicit exception to this is directly
contradicted by the mailing-list discussions producing this BCP 79 text,
notably

   https://mailarchive.ietf.org/arch/msg/ipr-wg/VoP9ZpFliPEmZp6Y9_qOYShyq54/

from Scott Bradner (that's https://en.wikipedia.org/wiki/Scott_Bradner
for IETF newbies who don't know the name) saying

   for security-related technology, a discussion at an IETF plenary
   meeting endorced the idea that all mandarory-to-implement security
   technologies (such as encryption technologies) should be RF or
   IPR-free

and saying that this "should be documented"---which, of course, is what
happened in draft-ietf-ipr-technology-rights-02 shortly afterwards,
leading, after many more document revisions, to BCP 79.

Note the words "such as encryption technologies" above. I wouldn't say
that crypto patents were the _only_ driver of the BCP 79 text, but I
have no idea how anyone could imagine that they're out of scope, or how
anyone could argue that excluding them would be a good idea.

> IETF does not consider itself to be a full blown academic community
> capable of evaluating all cryptography.

This seems to be referring to the idea that IETF needs help from
academia in evaluating _whether cryptography is secure_. How is this
supposed to turn cryptography into an exception to the BCP 79 policies
preferring unpatented technologies?

> I am not willing to AD sponsor a document

You've been going far beyond declining sponsorship under the IESG AD
sponsorship procedures: you've been broadcasting claims that discourage
IETF attention to an unpatented alternative to Kyber.

Regarding the particular draft in question, I would hope that another AD
sees the problems with this declination and decides to sponsor the
draft. Regarding IETF's post-quantum handling more broadly, the errors
that have appeared here should be corrected for the record.

> > Also, have you considered the possibility that the conclusions in those
> > conversations come from underlying errors that would be corrected if the
> > arguments were raised in public? Look at the above "scrutiny" claim:
> > it's the sort of error that can easily be repeated because it _sounds_
> > reasonable, but transparency allows the claim to be rapidly debunked.
> No, I have confidence in the claims.

To clarify, are you continuing to maintain the "scrutiny" claim that you
stated, despite the detailed contrary evidence that I provided? Or are
you referring to some other claim?

> > > Some people prefer to not engage with you due to previous negative
> > > experiences with your method of discussion.
> > Now _that's_ an ad-hominem attack. Please (1) apologize and (2) keep
> > yourself under control in the future. Thanks in advance.
  [ ... ]
> I was in a difficult position. I could either withhold the information
> and be accused non-transparency

Let's review the continuing lack of transparency here.

The IETF 119 SAAG presentation made claims about what the Crypto Review
Panel said, and indicated that AD sponsorship had been dropped on that
basis. There was no reference to any other input.

Your subsequent email dated 9 Apr 2024 20:26:41 -0400 referred to "the
transparency of all IETF processes" and---in response to my observing
that what readers learn from the AD summary is factually incorrect---
claimed, without details, that you had "heard a similar position about
NTRUprime from outside the IETF in the academic world of cryptography".
Later you clarified that this was referring to secret conversations.

The situation right now is that there's no paper trail justifying the AD
decision at issue. Anyone checking the Crypto Review Panel text can see
that what the AD has attributed to that text doesn't match what the text
actually says. The simplest explanation available is that the AD summary
actually came from those secret conversations in the first place---and
the rest of us can't see what happened in those conversations.

Issuing personal attacks as an alleged rationale for non-transparency
doesn't create transparency; it violates BCP 54 and hampers moving the
discussion forward. The only way to rectify the transparency failure
here is to publish all of the inputs that were used---for example, the
aforementioned secret conversations, if they in fact happened---along
with saying what extra inputs were introduced by the AD.

> I stand by my view that your statement calling the Crypto Panel Review
> "political" was unsubstantiated.

I laid out the case for this, quoting the specific text at issue and
making specific observations on the content. That's substantiation. You
didn't even quote, let alone reply to, the details; instead you falsely
labeled the summary as an ad-hominem attack. Please withdraw that false
accusation to set the record straight. Thanks in advance.

---D. J. Bernstein

v2.23.0 | Report a Bug | By Email