Re: [saag] SSH & Ntruprime
"D. J. Bernstein" <djb@cr.yp.to> Tue, 16 April 2024 18:22 UTC
Return-Path: <djb-dsn2-1406711340.7506@cr.yp.to>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3AEB6C14F6FD for <saag@ietfa.amsl.com>; Tue, 16 Apr 2024 11:22:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.895
X-Spam-Level:
X-Spam-Status: No, score=-1.895 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BUHAOQ6DoYYE for <saag@ietfa.amsl.com>; Tue, 16 Apr 2024 11:22:23 -0700 (PDT)
Received: from salsa.cs.uic.edu (salsa.cs.uic.edu [131.193.32.108]) by ietfa.amsl.com (Postfix) with SMTP id DC5D9C14F747 for <saag@ietf.org>; Tue, 16 Apr 2024 11:22:22 -0700 (PDT)
Received: (qmail 21551 invoked by uid 1010); 16 Apr 2024 18:22:21 -0000
Received: from unknown (unknown) by unknown with QMTP; 16 Apr 2024 18:22:21 -0000
Received: (qmail 179607 invoked by uid 1000); 16 Apr 2024 18:22:12 -0000
Date: Tue, 16 Apr 2024 18:22:12 -0000
Message-ID: <20240416182212.179605.qmail@cr.yp.to>
From: "D. J. Bernstein" <djb@cr.yp.to>
To: saag@ietf.org
Mail-Followup-To: saag@ietf.org
In-Reply-To: <CAGL5yWZRMJAWifEz9qxSRpkhv44B+_6PzoX9c5GGVpjJ2OWuHQ@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/pKLdOqJpiyZDIrqJjrFuD65tWUc>
Subject: Re: [saag] SSH & Ntruprime
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 16 Apr 2024 18:22:27 -0000
Paul Wouters writes: > You keep quoting IPR policy without putting it in the proper context. > It deals with protocols developed within the IETF, eg during the > working group process. The process for deciding on cryptography is a > separate process No. BCP 79's scope includes security, and specifically cryptography. For example, BCP 79 reports that an "IETF consensus has developed that no mandatory-to-implement security technology can be specified in an IETF specification unless it has no known IPR claims against it or a royalty-free license is available to implementers". The notion that cryptography is somehow an implicit exception to this is directly contradicted by the mailing-list discussions producing this BCP 79 text, notably https://mailarchive.ietf.org/arch/msg/ipr-wg/VoP9ZpFliPEmZp6Y9_qOYShyq54/ from Scott Bradner (that's https://en.wikipedia.org/wiki/Scott_Bradner for IETF newbies who don't know the name) saying for security-related technology, a discussion at an IETF plenary meeting endorced the idea that all mandarory-to-implement security technologies (such as encryption technologies) should be RF or IPR-free and saying that this "should be documented"---which, of course, is what happened in draft-ietf-ipr-technology-rights-02 shortly afterwards, leading, after many more document revisions, to BCP 79. Note the words "such as encryption technologies" above. I wouldn't say that crypto patents were the _only_ driver of the BCP 79 text, but I have no idea how anyone could imagine that they're out of scope, or how anyone could argue that excluding them would be a good idea. > IETF does not consider itself to be a full blown academic community > capable of evaluating all cryptography. This seems to be referring to the idea that IETF needs help from academia in evaluating _whether cryptography is secure_. How is this supposed to turn cryptography into an exception to the BCP 79 policies preferring unpatented technologies? > I am not willing to AD sponsor a document You've been going far beyond declining sponsorship under the IESG AD sponsorship procedures: you've been broadcasting claims that discourage IETF attention to an unpatented alternative to Kyber. Regarding the particular draft in question, I would hope that another AD sees the problems with this declination and decides to sponsor the draft. Regarding IETF's post-quantum handling more broadly, the errors that have appeared here should be corrected for the record. > > Also, have you considered the possibility that the conclusions in those > > conversations come from underlying errors that would be corrected if the > > arguments were raised in public? Look at the above "scrutiny" claim: > > it's the sort of error that can easily be repeated because it _sounds_ > > reasonable, but transparency allows the claim to be rapidly debunked. > No, I have confidence in the claims. To clarify, are you continuing to maintain the "scrutiny" claim that you stated, despite the detailed contrary evidence that I provided? Or are you referring to some other claim? > > > Some people prefer to not engage with you due to previous negative > > > experiences with your method of discussion. > > Now _that's_ an ad-hominem attack. Please (1) apologize and (2) keep > > yourself under control in the future. Thanks in advance. [ ... ] > I was in a difficult position. I could either withhold the information > and be accused non-transparency Let's review the continuing lack of transparency here. The IETF 119 SAAG presentation made claims about what the Crypto Review Panel said, and indicated that AD sponsorship had been dropped on that basis. There was no reference to any other input. Your subsequent email dated 9 Apr 2024 20:26:41 -0400 referred to "the transparency of all IETF processes" and---in response to my observing that what readers learn from the AD summary is factually incorrect--- claimed, without details, that you had "heard a similar position about NTRUprime from outside the IETF in the academic world of cryptography". Later you clarified that this was referring to secret conversations. The situation right now is that there's no paper trail justifying the AD decision at issue. Anyone checking the Crypto Review Panel text can see that what the AD has attributed to that text doesn't match what the text actually says. The simplest explanation available is that the AD summary actually came from those secret conversations in the first place---and the rest of us can't see what happened in those conversations. Issuing personal attacks as an alleged rationale for non-transparency doesn't create transparency; it violates BCP 54 and hampers moving the discussion forward. The only way to rectify the transparency failure here is to publish all of the inputs that were used---for example, the aforementioned secret conversations, if they in fact happened---along with saying what extra inputs were introduced by the AD. > I stand by my view that your statement calling the Crypto Panel Review > "political" was unsubstantiated. I laid out the case for this, quoting the specific text at issue and making specific observations on the content. That's substantiation. You didn't even quote, let alone reply to, the details; instead you falsely labeled the summary as an ad-hominem attack. Please withdraw that false accusation to set the record straight. Thanks in advance. ---D. J. Bernstein
- [saag] SSH & Ntruprime Loganaden Velvindron
- Re: [saag] SSH & Ntruprime D. J. Bernstein
- Re: [saag] SSH & Ntruprime Harry Halpin
- Re: [saag] SSH & Ntruprime Eric Rescorla
- Re: [saag] SSH & Ntruprime Paul Wouters
- Re: [saag] SSH & Ntruprime Simon Josefsson
- Re: [saag] SSH & Ntruprime Loganaden Velvindron
- Re: [saag] SSH & Ntruprime Eric Rescorla
- Re: [saag] SSH & Ntruprime Eric Rescorla
- Re: [saag] SSH & Ntruprime Eliot Lear
- Re: [saag] SSH & Ntruprime Eric Rescorla
- Re: [saag] SSH & Ntruprime Eliot Lear
- Re: [saag] SSH & Ntruprime Orie Steele
- Re: [saag] SSH & Ntruprime Eric Rescorla
- Re: [saag] SSH & Ntruprime Eric Rescorla
- Re: [saag] SSH & Ntruprime Eliot Lear
- Re: [saag] SSH & Ntruprime Eric Rescorla
- Re: [saag] SSH & Ntruprime Eliot Lear
- Re: [saag] SSH & Ntruprime Eric Rescorla
- Re: [saag] SSH & Ntruprime Jan-Frederik Rieckers
- Re: [saag] SSH & Ntruprime Orie Steele
- Re: [saag] SSH & Ntruprime Eric Rescorla
- Re: [saag] SSH & Ntruprime Michael StJohns
- Re: [saag] SSH & Ntruprime Eric Rescorla
- Re: [saag] SSH & Ntruprime Orie Steele
- Re: [saag] SSH & Ntruprime Salz, Rich
- Re: [saag] SSH & Ntruprime Eliot Lear
- Re: [saag] SSH & Ntruprime Melinda Shore
- Re: [saag] SSH & Ntruprime Michael StJohns
- Re: [saag] SSH & Ntruprime Salz, Rich
- Re: [saag] SSH & Ntruprime Eric Rescorla
- Re: [saag] SSH & Ntruprime Salz, Rich
- Re: [saag] SSH & Ntruprime S Moonesamy
- Re: [saag] SSH & Ntruprime Michael StJohns
- Re: [saag] SSH & Ntruprime Salz, Rich
- Re: [saag] SSH & Ntruprime Michael StJohns
- Re: [saag] SSH & Ntruprime Salz, Rich
- Re: [saag] SSH & Ntruprime Salz, Rich
- Re: [saag] SSH & Ntruprime Eliot Lear
- Re: [saag] SSH & Ntruprime Michael StJohns
- Re: [saag] SSH & Ntruprime Ira McDonald
- Re: [saag] SSH & Ntruprime Michael Richardson
- Re: [saag] SSH & Ntruprime Paul Wouters
- Re: [saag] SSH & Ntruprime Simon Josefsson
- Re: [saag] SSH & Ntruprime Christian Huitema
- Re: [saag] SSH & Ntruprime Russ Housley
- Re: [saag] SSH & Ntruprime Orie Steele
- Re: [saag] SSH & Ntruprime Michael Richardson
- Re: [saag] SSH & Ntruprime Loganaden Velvindron
- Re: [saag] SSH & Ntruprime Loganaden Velvindron
- Re: [saag] SSH & Ntruprime Michael Richardson
- Re: [saag] SSH & Ntruprime Paul Wouters
- Re: [saag] SSH & Ntruprime Michael Richardson
- Re: [saag] SSH & Ntruprime Michael Richardson
- Re: [saag] SSH & Ntruprime Paul Wouters
- Re: [saag] SSH & Ntruprime Stephen Farrell
- Re: [saag] SSH & Ntruprime Simon Josefsson
- Re: [saag] SSH & Ntruprime Mark Baushke (ietf)
- Re: [saag] SSH & Ntruprime Stephen Farrell
- Re: [saag] SSH & Ntruprime D. J. Bernstein
- Re: [saag] SSH & Ntruprime Eric Rescorla
- Re: [saag] SSH & Ntruprime Eliot Lear
- Re: [saag] SSH & Ntruprime Salz, Rich
- Re: [saag] SSH & Ntruprime Stephen Farrell
- Re: [saag] SSH & Ntruprime Eric Rescorla
- Re: [saag] SSH & Ntruprime Eric Rescorla
- Re: [saag] SSH & Ntruprime Michael StJohns
- Re: [saag] SSH & Ntruprime Eric Rescorla
- Re: [saag] SSH & Ntruprime Michael StJohns
- Re: [saag] SSH & Ntruprime S Moonesamy
- Re: [saag] SSH & Ntruprime Paul Wouters
- Re: [saag] SSH & Ntruprime Watson Ladd
- Re: [saag] SSH & Ntruprime Stephen Farrell
- Re: [saag] SSH & Ntruprime Simon Josefsson
- Re: [saag] SSH & Ntruprime StJohns, Michael
- Re: [saag] SSH & Ntruprime Watson Ladd
- Re: [saag] SSH & Ntruprime Stephen Farrell
- Re: [saag] SSH & Ntruprime Eric Rescorla
- Re: [saag] SSH & Ntruprime Watson Ladd
- Re: [saag] SSH & Ntruprime Michael StJohns
- Re: [saag] SSH & Ntruprime S Moonesamy
- Re: [saag] SSH & Ntruprime Eric Rescorla
- Re: [saag] SSH & Ntruprime D. J. Bernstein
- Re: [saag] SSH & Ntruprime Salz, Rich
- Re: [saag] SSH & Ntruprime Paul Wouters
- Re: [saag] SSH & Ntruprime D. J. Bernstein
- Re: [saag] SSH & Ntruprime Deb Cooley
- Re: [saag] SSH & Ntruprime Christian Huitema
- Re: [saag] SSH & Ntruprime Simon Josefsson