Re: [secdir] [Cfrg] Time to recharter CFRG as a working group? Was: Re: ISE seeks help with some crypto drafts

Daniel Kahn Gillmor <> Thu, 14 March 2019 16:18 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id B70901312A5 for <>; Thu, 14 Mar 2019 09:18:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=neutral reason="invalid (unsupported algorithm ed25519-sha256)" header.b=UOQoXcjA; dkim=pass (2048-bit key) header.b=JId7qiDP
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id bUR7IrG6epZ7 for <>; Thu, 14 Mar 2019 09:18:43 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id CD1201312B2 for <>; Thu, 14 Mar 2019 09:18:42 -0700 (PDT)
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/simple;;; q=dns/txt; s=2019; t=1552580321; h=from : to : cc : subject : in-reply-to : references : date : message-id : mime-version : content-type : from; bh=FCFfj7MTVRW8VXrUkW7phOEGZr6sXzv2cu7sGdGGJRY=; b=UOQoXcjAeiF+t26269dGfnJCWxOYKZ6L1kAPsylMt8LKsTUox2vcEObW taxOCSiqiUlrtPzlf2i9HdMN4zdVBA==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;;; q=dns/txt; s=2019rsa; t=1552580321; h=from : to : cc : subject : in-reply-to : references : date : message-id : mime-version : content-type : from; bh=FCFfj7MTVRW8VXrUkW7phOEGZr6sXzv2cu7sGdGGJRY=; b=JId7qiDPGtp72X+qORf8to4iUOJjkWYHibrgeb87ijST5sy573CQfw8r UnXSikMvy46AQeUOt+rh8UPsC2M+5lgMCBkrnVrkQF8J2YQab/yY1zE7wc XRXKsyfjQT4f4yCghE3SJioxHsXACT9KZusMvG9hDMDdi/ZCSuYzQplKHP v6knNIsJTwBg2fYkT+7sON+Lk7cPTOVuwIBF70RhpoPjeeDzVNQsYq+Jn0 p2HIXbNLPYgu8PUJMPxM2papyn60zBhwaoBks5AUfnhK+QZqHTM2Dfra95 8Ad8FzFg2xyeJgyqgXvxWH1VH7RZhTWSKd26vIHPNGZmn66UV49Yuw==
Received: from (unknown []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPSA id 2DF58F99D; Thu, 14 Mar 2019 12:18:40 -0400 (EDT)
Received: by (Postfix, from userid 1000) id 08BCE203A5; Thu, 14 Mar 2019 09:58:33 -0400 (EDT)
From: Daniel Kahn Gillmor <>
To: Michael StJohns <>, Richard Barnes <>, John Mattsson <>
Cc: CFRG <>, "RFC ISE (Adrian Farrel)" <>, secdir <>
In-Reply-To: <>
References: <> <> <> <> <> <> <> <> <> <> <> <> <> <>
Autocrypt:; prefer-encrypt=mutual; keydata= mDMEXEK/AhYJKwYBBAHaRw8BAQdAr/gSROcn+6m8ijTN0DV9AahoHGafy52RRkhCZVwxhEe0K0Rh bmllbCBLYWhuIEdpbGxtb3IgPGRrZ0BmaWZ0aGhvcnNlbWFuLm5ldD6ImQQTFggAQQIbAQUJA8Jn AAULCQgHAgYVCgkICwIEFgIDAQIeAQIXgBYhBMS8Lds4zOlkhevpwvIGkReQOOXGBQJcQsbzAhkB AAoJEPIGkReQOOXG4fkBAO1joRxqAZY57PjdzGieXLpluk9RkWa3ufkt3YUVEpH/AP9c+pgIxtyW +FwMQRjlqljuj8amdN4zuEqaCy4hhz/1DbgzBFxCv4sWCSsGAQQB2kcPAQEHQERSZxSPmgtdw6nN u7uxY7bzb9TnPrGAOp9kClBLRwGfiPUEGBYIACYWIQTEvC3bOMzpZIXr6cLyBpEXkDjlxgUCXEK/ iwIbAgUJAeEzgACBCRDyBpEXkDjlxnYgBBkWCAAdFiEEyQ5tNiAKG5IqFQnndhgZZSmuX/gFAlxC v4sACgkQdhgZZSmuX/iVWgD/fCU4ONzgy8w8UCHGmrmIZfDvdhg512NIBfx+Mz9ls5kA/Rq97vz4 z48MFuBdCuu0W/fVqVjnY7LN5n+CQJwGC0MIA7QA/RyY7Sz2gFIOcrns0RpoHr+3WI+won3xCD8+ sVXSHZvCAP98HCjDnw/b0lGuCR7coTXKLIM44/LFWgXAdZjm1wjODbg4BFxCv50SCisGAQQBl1UB BQEBB0BG4iXnHX/fs35NWKMWQTQoRI7oiAUt0wJHFFJbomxXbAMBCAeIfgQYFggAJhYhBMS8Lds4 zOlkhevpwvIGkReQOOXGBQJcQr+dAhsMBQkB4TOAAAoJEPIGkReQOOXGe/cBAPlek5d9xzcXUn/D kY6jKmxe26CTws3ZkbK6Aa5Ey/qKAP0VuPQSCRxA7RKfcB/XrEphfUFkraL06Xn/xGwJ+D0hCw==
Date: Thu, 14 Mar 2019 09:58:32 -0400
Message-ID: <>
MIME-Version: 1.0
Content-Type: text/plain
Archived-At: <>
Subject: Re: [secdir] [Cfrg] Time to recharter CFRG as a working group? Was: Re: ISE seeks help with some crypto drafts
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Directorate <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 14 Mar 2019 16:18:59 -0000

On Tue 2019-03-12 16:43:04 -0400, Michael StJohns wrote:
> The last couple of discussions have been about the IPR related to OCB
> and whether the CFRG should work on it because of that.  That's a
> perfectly fine set of discussions for a standards WG especially when
> considering which modes to include under recommended and mandatory to
> implement, but is probably out of place for an RG.  The RG ought to be
> answering the question "does this proposal have security flaws" and
> not "has the patent expired on this" but we seem to be getting far
> past the "discussing and analyzing" part of the CFRG charter?

I'm not convinced by this line of argument.

This group answers not only "does this proposal have security flaws?"
but also "can it/will it be deployed effectively, with the security
properties we want?"  See Tony Arcieri's excellent analysis of the
tradeoffs between different modes earlier in this thread for an example.
That kind of question is not out of place for a research group -- that's
exactly the kind of practical, useful analysis we'd like to see, and i
wish all research groups were so productive.

Sadly, we live in a world where "IPR" concerns also have an impact on
this latter question, and the CFRG happens to have a pool of people with
a significant amount of knowledge about the history of cryptographic
development and deployment, some of which is occasionally useful in
analyzing IPR issues, frustrating though they may be.  It's not out of
place for the CFRG to include that aspect in its analysis.

The CFRG is working well, and has had a significant, positive impact on
the IETF over the last several years.  If adding the ability to make
"standards track" documents would help the CFRG further help the IETF,
or could encourage additional useful participation in the CFRG, let's
discuss how to do that, but i there's no need to make a constitutional
change to the CFRG just because IPR issues come up occasionally here.