[saag] CFRG, CFRG crypto review panel and IETF consensus
Watson Ladd <watsonbladd@gmail.com> Thu, 18 April 2024 17:18 UTC
Return-Path: <watsonbladd@gmail.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DF476C14F699 for <saag@ietfa.amsl.com>; Thu, 18 Apr 2024 10:18:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0B30BaSOMhPZ for <saag@ietfa.amsl.com>; Thu, 18 Apr 2024 10:18:15 -0700 (PDT)
Received: from mail-wm1-x335.google.com (mail-wm1-x335.google.com [IPv6:2a00:1450:4864:20::335]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 37BDEC14F61D for <saag@ietf.org>; Thu, 18 Apr 2024 10:18:15 -0700 (PDT)
Received: by mail-wm1-x335.google.com with SMTP id 5b1f17b1804b1-41551639550so7868805e9.2 for <saag@ietf.org>; Thu, 18 Apr 2024 10:18:15 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1713460692; x=1714065492; darn=ietf.org; h=to:subject:message-id:date:from:mime-version:from:to:cc:subject :date:message-id:reply-to; bh=lQci9emzREHd7xyogQHPp7J8wVBT7q43efXbT2Phs20=; b=KipeBkWXBARZqGytffnmg5rDAkn5nCPfFiEG/MxMLsMIWp5PEewiR/BRxLuquGEyYS Ihi/ervSZmJheH7H3BXOU3uJCixp+cMmmK7dz7bP9X/EgnOdeGcfOrENATysCr9arFg2 O04IN5N0YsRT6KIhLKAc2W9JoAXofAntQhEAjPwmqq4XXW8TrVYy2AXL2N/X0mS7O3VA RQvh027Y1yqyFW5Z7ymWJiz0CaXARMaizDqoJmHWWT6sGTD+QT4sFevjXug4UK/srNpd yH9uiPhh4pZrCToYD4p+5jhvcy+quAGQIa8rzDQhhIzakAglVYHIye82REHBLFO4kXno IpeQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1713460692; x=1714065492; h=to:subject:message-id:date:from:mime-version:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=lQci9emzREHd7xyogQHPp7J8wVBT7q43efXbT2Phs20=; b=OcM8Pw7Pm4qRtiMH8rAiIolXeqmXCHrYh6ppm20omoVBCYrlCWOf2F+uwKkyLbaMbO 0gowxg6qCkdMj0Ei2b8QZXDFesLfsHM67y2u7MnNVp4LmlbJuzfrVnP2/lsQvDq8cmdE FHJKnx3xDrFne9Rxf5OK01pFyZcgsQrzvHQvMPPZSKxLLG/BW8RJH8O4a1fkc+6y7TLp MjNsqvr4oRrfLHxs0UAK1j63KEZu//ooWNbE0Ia4JmtzOcgH0rqHPAyLiRd72w9XR9Ob VBbWwSUFGhbPUmYEQxvRb6vcTgzuOdjQHB0VBl1ibI5+B7obHvixEmNi5xVwy74SI+Iq 9/mw==
X-Gm-Message-State: AOJu0YxlhhhV92ruOPBMJf/KxTVbJBkW4NJS5Wm2AsidO9e5E2TrsA/K h3W0UYFXXf1aVa0n3GkRlgAIP9bnb75ctflWRpfTMjRytpu2VMuGAEVQ120pgtU/k3e4WTLk1Ff ZcWjrewU+aV7uowaMXE0bq6WfP1vvfQ==
X-Google-Smtp-Source: AGHT+IFJ3EzX9o4cJE0gSbTws43tYESMwi75ij+mr8fMd9P70vti1kEhdDGbHRdPFd5S1TPPuTINBHG+GMjWx+PkyGY=
X-Received: by 2002:a5d:6392:0:b0:349:c5db:21c7 with SMTP id p18-20020a5d6392000000b00349c5db21c7mr2614693wru.65.1713460692447; Thu, 18 Apr 2024 10:18:12 -0700 (PDT)
MIME-Version: 1.0
From: Watson Ladd <watsonbladd@gmail.com>
Date: Thu, 18 Apr 2024 10:18:01 -0700
Message-ID: <CACsn0cn_G=aAB_XdNrEoxfdPkKucjC4RRvNhtns=zR7bUuvYLQ@mail.gmail.com>
To: IETF SAAG <saag@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/rDFaw0N-bIreuoU0xAKLTI0LT7s>
Subject: [saag] CFRG, CFRG crypto review panel and IETF consensus
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 18 Apr 2024 17:18:16 -0000
Dear SAAG, I am quite confused about how the relation between IETF work and CFRG work and the crypto review panel is supposed to work. In the SSH NTRUPrime discussion it appears that a negative report from the crypto review panel is reason not to standardize an algorithm choice or register it in the IETF space for a protocol, and that this comes without discussion of the merits and consensus among even the CFRG participants. I don't recall this being the way things used to work, and I think its had very negative effects on the way the CFRG functions, as well as stretching the IETF/IRTF distinction beyond the breaking point. Simply put having knock out contests like we did for curves and PAKES, combined with an endless series of reviews and last calls creates some very adversarial debates and raises tensions and hampers cooperation. It also moves away from the running code part and rough consensus: if a group of people have made choices that work for them, we now make ourselves irrelevant by saying no rather than trying to accommodate their concerns. The CFRG review panel is not well placed to have these conversations as it knows nothing of the broader context and has very limited interaction with the proposal. It also puts the CFRG into a place where it is making standardization choices that properly being to the IETF, and not even the CFRG but a subpanel. The massive backlog of documents results in part from an extremely lengthy process even after RGLC, which I think results in part from the higher perceived stakes. This isn't to say that we should abandon security examination of proposed algorithms, but it's pretty clear that we have treated cryptographic primitives very differently in ways that undermine core principles of the IETF process. Sincerely, Watson Ladd -- Astra mortemque praestare gradatim
- [saag] CFRG, CFRG crypto review panel and IETF co… Watson Ladd
- Re: [saag] CFRG, CFRG crypto review panel and IET… Stephen Farrell
- Re: [saag] CFRG, CFRG crypto review panel and IET… Salz, Rich
- Re: [saag] CFRG, CFRG crypto review panel and IET… Deb Cooley
- Re: [saag] CFRG, CFRG crypto review panel and IET… Salz, Rich
- Re: [saag] CFRG, CFRG crypto review panel and IET… Deb Cooley
- Re: [saag] CFRG, CFRG crypto review panel and IET… Eric Rescorla
- Re: [saag] CFRG, CFRG crypto review panel and IET… Stephen Farrell
- Re: [saag] CFRG, CFRG crypto review panel and IET… Eric Rescorla
- Re: [saag] CFRG, CFRG crypto review panel and IET… Stephen Farrell
- Re: [saag] CFRG, CFRG crypto review panel and IET… S Moonesamy
- Re: [saag] CFRG, CFRG crypto review panel and IET… Simon Josefsson
- Re: [saag] CFRG, CFRG crypto review panel and IET… Paul Wouters
- Re: [saag] CFRG, CFRG crypto review panel and IET… Watson Ladd
- Re: [saag] CFRG, CFRG crypto review panel and IET… Eliot Lear
- Re: [saag] CFRG, CFRG crypto review panel and IET… Salz, Rich
- Re: [saag] CFRG, CFRG crypto review panel and IET… Paul Wouters
- Re: [saag] CFRG, CFRG crypto review panel and IET… Yoav Nir
- Re: [saag] CFRG, CFRG crypto review panel and IET… Michael Richardson
- Re: [saag] CFRG, CFRG crypto review panel and IET… Michael StJohns
- Re: [saag] CFRG, CFRG crypto review panel and IET… Melinda Shore
- Re: [saag] CFRG, CFRG crypto review panel and IET… Watson Ladd