Re: [secdir] [Cfrg] Time to recharter CFRG as a working group? Was: Re: ISE seeks help with some crypto drafts

Michael StJohns <msj@nthpermutation.com> Fri, 15 March 2019 18:52 UTC

To: Richard Barnes <rlb@ipv.sx>
Cc: John Mattsson <john.mattsson@ericsson.com>, "Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu>, CFRG <cfrg@irtf.org>, "RFC ISE (Adrian Farrel)" <rfc-ise@rfc-editor.org>, secdir <secdir@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/X8wWt5gIC3Kbw3jDJOGLBxxVsds>

On 3/13/2019 7:32 AM, Richard Barnes wrote:
> Mike, are your concerns here primarily IPR related?  If that's so, 
> then maybe that's the level at which we should address them, as 
> opposed to flipping the bigger RG->WG switch.
>

Hi Richard -

Like I said, I'm not going to push this at this time.  But I think it's 
more than just IPR - avoiding technology because of IPR is more a 
symptom (and in fact is IETF guidance rather than IRTF policy).

The CFRG has a unique position in that - unlike ANY other RG as far as I 
can tell - it's looked at as an immediate feeder for technology for the 
IETF.  If it were agnostically evaluating the crypto properties of any 
offered technology, I'd say we're good and I'd move on.  But, with the 
publication of Curve25519 and its related ... standards ..., the CFRG 
has moved from evaluation and re-publication of cryptographic standards 
developed and produced elsewhere into being the first publisher of what 
could only be characterized as standards, even if published as an 
Informational RFC in the IRTF stream.

Ultimately, I think it comes down to fairness and transparency. As an 
RG, the publications of the RG are not subject to the standards appeals 
process.  In a WG, the decision not to work on an IPR encumbered 
technology (or others such as national cryptography) MAY be appealed and 
overturned (or might not) or sponsored by an AD if there's no applicable 
or agreeable WG. There's a process for showing such decisions were made 
transparently, and with a broader audience than just the CFRG having a say.


Later, Mike

Ps - hmm... Note that the CFRG charter only mentions the IETF and not 
the IRTF....