IETF Logo Mail Archive

Re: [secdir] [Cfrg] Time to recharter CFRG as a working group? Was: Re: ISE seeks help with some crypto drafts

Melinda Shore <melinda.shore@gmail.com> Mon, 18 March 2019 06:53 UTC

Return-Path: <melinda.shore@gmail.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 811BE1310E5 for <secdir@ietfa.amsl.com>; Sun, 17 Mar 2019 23:53:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ISndTmZ6u6K4 for <secdir@ietfa.amsl.com>; Sun, 17 Mar 2019 23:53:31 -0700 (PDT)
Received: from mail-pf1-x444.google.com (mail-pf1-x444.google.com [IPv6:2607:f8b0:4864:20::444]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 78E591310F1 for <secdir@ietf.org>; Sun, 17 Mar 2019 23:53:31 -0700 (PDT)
Received: by mail-pf1-x444.google.com with SMTP id s23so10602493pfe.13 for <secdir@ietf.org>; Sun, 17 Mar 2019 23:53:31 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:cc:references:from:message-id:date:user-agent :mime-version:in-reply-to:content-language:content-transfer-encoding; bh=ISfMpLHNUosTlRXkcWWPqsq2YaNh1qQh65WrC6Vgo14=; b=bdbDEPLTWkIaaNfwATg7Bo6jufgaZBFYsjzw6pXZ1PkbpargZn8vysQZdUPfYFjGuy c8DmyM9IpHeJdWtn1SjdsMvEK8gVba3fpBKeAKxEyj9LKkWiIst5uW+u1v6ywQymcgzZ JHQIXxQcUbXaAX2QfhQV60Cnq0MZk+s2/ujjyieW7Z6BxCxXgDV+qLvau0BY7JPEzboP G1tOf1ifqeai4F56Y90zWxLf8kPHRncdWGeccPrLLzbzc81qjrhKBVwQ6zZjZpIS9D/M IN+u6IKTSJQNtIN5TnQDNymR/WZqQxun6NbAy3qBxuiwVNIgYjJLklY3hQEkHGwEybT6 404g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=ISfMpLHNUosTlRXkcWWPqsq2YaNh1qQh65WrC6Vgo14=; b=TAaHhR/OGqCsCKgjXPfW+hXhvBTDnlh7jFzKXejIKcIeZWE3c3StJ/3uZ0gmrNYA7E e+j6VtOi6TeBDpKarqkkAmVj16e5LSEViwNZb4eG+lqA6lN5QMEyZeeRDR4eCN2JQD7V sOwUJ7yjoQZz00wx0WpYPS1w86kaT0MyrQptrKqSbQ2bla6twngfqsJzDtTgQRi3ZnSV LytOPAwb34B1tlSbZJFqOu34sxkac/TA0E+lX20d7A0ynMxGNPG4DZ0zI/PUDChJEVbF X7gRQESvL0H6O5y24X7gNz5kygHwALRIPIW8KDQlK1NCv87coU8fo3uoueyio17Bs1Cy YH4g==
X-Gm-Message-State: APjAAAXnIG9bTm3uJlkNnKtsx+FkiaWN/sTkIpn1KEVWA9fnhxifqNZo iWr67ibe9VDvoWDrYOA8TCjXOlYl
X-Google-Smtp-Source: APXvYqxLqBLFj1vKgmaxZYgEwz1QqJ/XKDRaAGotd3gLOM1gUMjcal4AT0hDrBldByPPRuP2KQmHYA==
X-Received: by 2002:a65:47cb:: with SMTP id f11mr16354086pgs.18.1552892010612; Sun, 17 Mar 2019 23:53:30 -0700 (PDT)
Received: from aspen.local ([216.67.81.206]) by smtp.gmail.com with ESMTPSA id i72sm18795142pfj.147.2019.03.17.23.53.29 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sun, 17 Mar 2019 23:53:30 -0700 (PDT)
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>, denis bider <denisbider.ietf@gmail.com>
Cc: Uri Blumenthal <uri@mit.edu>, CFRG <cfrg@irtf.org>, "RFC ISE (Adrian Farrel)" <rfc-ise@rfc-editor.org>, secdir <secdir@ietf.org>
References: <1d8de489fc976b63a911573300a431d4.squirrel@www.amsl.com> <CAHOTMVJcosEgYV9caWapgyzQfh-g4k5DQry5n42bEfrkJvmdWQ@mail.gmail.com> <042b3f13-7d5a-12d7-e604-9f8cad197608@cs.tcd.ie> <CANeU+ZCmiTKfE1_YgjM6GX9ZCw_35mZoT8M-6VL72UhbenT2og@mail.gmail.com> <3FA4B2DD-334E-4C7C-A01E-6C370CAE4C00@ll.mit.edu> <2935C6E3-3AE8-4447-BA01-8DAE0410E5C6@ericsson.com> <CAL02cgSeCgAOOh3oMhJZqCGvT0F=JQ6n-bmgWYU=6hxkV+aOHQ@mail.gmail.com> <0d38eabd-6f90-2d19-3b45-f1ce19ba9b73@nthpermutation.com> <CAL02cgRVXn2U3SKhGh6biTZJKmHM6KrW6D_rVB2-ZTC5Oohh4w@mail.gmail.com> <829ca608-8d47-083e-e0a6-e7276525b080@nthpermutation.com> <5FAC333B-38EF-4F58-89FB-3DF3F774DD2C@inf.ethz.ch> <F6A7941E-17AD-4525-905B-B76E09D8E780@nohats.ca> <679B6759-5AD3-4F28-9EF4-8794F383468B@mit.edu> <CADPMZDDYNoxK1uu06MFp4==GfAmRucCXO8R63X+q6bV0=OoXwg@mail.gmail.com> <df8882e7-da71-9007-4440-5777958fd87c@gmail.com> <CADPMZDCaeN7iLuPgAe5gSQDvMRx6eGut6rqcAM7GQLWPwBFLPA@mail.gmail.com> <1552890164140.4569@cs.auckland.ac.nz>
From: Melinda Shore <melinda.shore@gmail.com>
Message-ID: <674d964f-46c6-ee67-9e33-5cb480c2a6ef@gmail.com>
Date: Sun, 17 Mar 2019 22:53:28 -0800
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:60.0) Gecko/20100101 Thunderbird/60.5.3
MIME-Version: 1.0
In-Reply-To: <1552890164140.4569@cs.auckland.ac.nz>
Content-Type: text/plain; charset="utf-8"
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/MuPpqPFYQMBLhcOH8GWoegIcdvE>
Subject: Re: [secdir] [Cfrg] Time to recharter CFRG as a working group? Was: Re: ISE seeks help with some crypto drafts
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 18 Mar 2019 06:53:34 -0000

On 3/17/19 10:23 PM, Peter Gutmann wrote:
> +1.  Mind you given the hassle in setting up a WG for it and getting things
> through the IETF, it might be easier to just set up a Github repository for
> documentation on what does what and how and rely on Google to point people to
> it.

I think this may be closer to the core issue ("the hassle in
setting up a WG").  Moving something from the IRTF to the IETF
is likely to slow down the publication process, frankly.  IRTF
RFCs do require review by the IRSG and the IESG but they are
not IETF consensus documents (see RFC 5743 for details on the
IRTF document stream process).  Second, note that CFRG does not
typically work on protocols, per se, and when it does it's
limited to things like specific key exchange mechanisms rather
than all-the-things-missing-from-pgp.

I agree there's a broader problem here but I don't see how it
would be addressed by moving CFRG, which doesn't work on most of
the problem areas mentioned, anyway, to a body with weightier
process requirements and slower processes.

I'll note that we haven't seen that many drafts addressing these
proposed ssh extensions and given that we're a document-driven
organization that also makes progress difficult.  I'm personally
very interested in lowering barriers to contribution.  That's
a tough one to address because tautology, but seems related to
your concerns.

Melinda


-- 
Melinda Shore
melinda.shore@gmail.com

Software longa, hardware brevis

v2.23.0 | Report a Bug | By Email