Re: [secdir] [Cfrg] Time to recharter CFRG as a working group? Was: Re: ISE seeks help with some crypto drafts

mcgrew <> Tue, 19 March 2019 13:23 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 75E85130F05 for <>; Tue, 19 Mar 2019 06:23:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -14.501
X-Spam-Status: No, score=-14.501 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id NWfeW_VYKYkX for <>; Tue, 19 Mar 2019 06:23:24 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id D432A127978 for <>; Tue, 19 Mar 2019 06:23:23 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;;; l=6406; q=dns/txt; s=iport; t=1553001803; x=1554211403; h=mime-version:subject:from:in-reply-to:date:cc: content-transfer-encoding:message-id:references:to; bh=fUpzD/o58rbIjGgrgHFMfaqdFmAibQ1/t6ZpSlpuW6g=; b=Kj/sqIMDWUBtuMsAiw5luQgP3ZIMXBKjl/mfOOrbiQz8DAyuPaE7Efn0 QLuJUi8JZv+kmOrPfx2LvrDierG3LfF6KrM1lIp8sgMriiozpLGAfOr57 m9dBz+wzbRwfc6N3rMCQ3HT/ikhp/Rf7L2bPKO/Ag1hMocjcze5D7bGAp k=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-AV: E=Sophos;i="5.58,498,1544486400"; d="scan'208";a="537244422"
Received: from ([]) by with ESMTP/TLS/DHE-RSA-SEED-SHA; 19 Mar 2019 13:23:17 +0000
Received: from ( []) by (8.15.2/8.15.2) with ESMTPS id x2JDNGpj002584 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Tue, 19 Mar 2019 13:23:16 GMT
Received: from ( by ( with Microsoft SMTP Server (TLS) id 15.0.1473.3; Tue, 19 Mar 2019 08:23:15 -0500
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0 (Mac OS X Mail 12.2 \(3445.102.3\))
From: mcgrew <>
In-Reply-To: <>
Date: Tue, 19 Mar 2019 09:23:03 -0400
CC: Richard Barnes <>, secdir <>, CFRG <>, "RFC ISE (Adrian Farrel)" <>
Content-Transfer-Encoding: quoted-printable
Message-ID: <>
References: <> <> <> <> <> <> <> <> <> <> <> <> <> <> <> <> <> <>
To: Michael StJohns <>
X-Mailer: Apple Mail (2.3445.102.3)
X-Originating-IP: []
X-ClientProxiedBy: ( To (
Archived-At: <>
Subject: Re: [secdir] [Cfrg] Time to recharter CFRG as a working group? Was: Re: ISE seeks help with some crypto drafts
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Directorate <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 19 Mar 2019 13:23:27 -0000

Hi Mike,

Please see inline:

> On Mar 18, 2019, at 4:43 PM, Michael StJohns <> wrote:
> I don't understand - usually when I say "I'm fine with the status quo for now" people stop arguing with me.   Oh well.
> And thanks David for making some points for me.  See below.
> On 3/18/2019 9:26 AM, mcgrew wrote:
>> Hi Mike,
>> Let me add few data points from a CFRG-historical perspective.  CFRG has been the first publisher of a number of specifications (for instance, XMSS, Poly1305, and HBS are in this category - and has done essential review for some ISE-published crypto like UMAC (RFC 4418).
> My point was that becoming a first publisher puts the CFRG into the position of being the standardizer.  XMSS, Poly1305 and HBS (not yet published) are all 2018 and 2019 documents.  EDDSA was 2017.  In fact the set of documents currently attributed to the CFRG only goes back to 2014 while the CFRG has been around a lot longer than that.  Something changed

The RG shifted from discussing and reviewing independent documents towards producing its own documents.  

> and now we're getting standards-like production out of the CFRG.  Note that I don't think its a bad thing per se, just that you need to be following different rules than those that are applicable to RGs.
> For example, why does an informational document in the research stream need a registry?  (e.g. RFC8391)   That's about as obvious a standardization requirement as any I've seen in CFRG documents.

The registry and the interface and extensibility it provides is essential to making a crypto specification future-proof. That is clearly best practice in cryptography, and as such is totally appropriate for the output of an IRTF RG document.   Some independent documents that were reviewed by CFRG also had registries. 


>>  For UMAC, it is worth noting that the ISE reviewers asked for changes around IPR language,
> I don't think I even recall seeing anything that wants to use UMAC - I may have missed a protocol or two though.  In any event, the request was to REMOVE claims about IPR language from the document and direct the authors to make a normal IPR disclosure. Again - pretty consistent with what we do with standards and IETF stream documents.
>> and CFRG reviewers made important improvements to the technical content as well ( and CFRG mail threads from fall 2005).  So the issues we are dealing with today are not really new.
> But again, that's normal for any document that comes in through any stream - specifically - people review it and usually irrespective of association with a specific WG/RG/directorate, etc.  The fact that the document author, the ISE and the IESG reached out the the CFRG is pretty much an example of looking for the experts in a pile of experts.  I'm not sure why this wouldn't happen if the CFRG were chartered as a WG?
>> You have started a good, healthy discussion with the points that you have raised.  My thinking is that CFRG (including Kenny, Alexy, and the many contributors) is doing really good, really important work, and the IRTF and IETF should avoid changes that would disrupt it.
> I don't want to change the people, I don't even want to change the work flow (much - except that moving it to a WG would actually remove the IRTF from the approval process for an RFC), I just want this to be appropriately categorized and managed as a WG and subject to the same rules as any other WG.   I think its gone well past the normal rules for an RG at this point.
> Again - I've indicated my concerns and I'm happy the discussion is happening.  Unfortunately what I keep hearing is "we like it the way it is, now go and leave us alone" rather than "we're really a RG because we do things X, Y and Z so we really don't need to be a WG".  I'd really like to hear more commentary on that latter - especially how the CFRG in fact differs from the behavior of a WG.
> Thanks - Mike
>> Best,
>> David
>>> On Mar 15, 2019, at 2:52 PM, Michael StJohns <> wrote:
>>> On 3/13/2019 7:32 AM, Richard Barnes wrote:
>>>> Mike, are your concerns here primarily IPR related?  If that's so, then maybe that's the level at which we should address them, as opposed to flipping the bigger RG->WG switch.
>>> Hi Richard -
>>> Like I said, I'm not going to push this at this time.  But I think its more than just IPR - avoiding technology because of IPR is more a symptom (and in fact is IETF guidance rather than IRTF policy).
>>> The CFRG has a unique position in that - unlike ANY other RG as far as I can tell - it's looked at as an immediate feeder for technology for the IETF.  If it were agnostically evaluating the crypto properties of any offered technology, I'd say we're good and I'd move on.  But, with the publication of Curve25519 and its related ... standards ..., the CFRG has moved from evaluation and re-publication of cryptographic standards developed and produced elsewhere into being the first publisher of what could only be characterized as standards, even if published as an Informational RFC in the IRTF stream.
>>> Ultimately, I think it comes down to fairness and transparency. As an RG, the publications of the RG are not subject to the standards appeals process.  In an WG, the decision not to work on an IPR encumbered technology (or others such as national cryptography) MAY be appealed and overturned (or might not) or sponsored by an AD if there's no applicable or agreeable WG. There's a process for showing such decisions were made transparently, and with a broader audience than just the CFRG having a say.
>>> Later, Mike
>>> Ps - hmm... Note that the CFRG charter only mentions the IETF and not the IRTF....
>>> _______________________________________________
>>> Cfrg mailing list