[TLS] Reconsider TLS/CFRG relationship (Re: should the CFRG really strive for consensus?)

Nico Williams <nico@cryptonector.com> Thu, 01 January 2015 20:37 UTC

Date: Thu, 01 Jan 2015 14:37:39 -0600
From: Nico Williams <nico@cryptonector.com>
To: Alexey Melnikov <alexey.melnikov@isode.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/zPlw6hMM826HbPUcPhEEjBFjxzg
Cc: "cfrg@irtf.org" <cfrg@irtf.org>, ietf@ietf.org, tls@ietf.org

[Reply-To set to tls@ietf.org.]

On Thu, Jan 01, 2015 at 05:52:55PM +0000, Alexey Melnikov wrote:
> > On 31 Dec 2014, at 22:14, Nico Williams <nico@cryptonector.com> wrote:

[Elided here is a sub-thread about how much trouble CFRG has had making
decisions, and how unsuited they are to the task.  These were opinions
stated by others.  My response was that if CFRG can't choose, that's
fine, let CFRG do what it's good at (cryptology), and let the IETF do
what it's good at (engineering).

For the benefit of ietf@ietf.org readers, the context is that CFRG was
tasked with producing recommendations for the TLS WG, but CFRG seems
mired in debate about them.  From my point of view the risk is that the
logjam won't soon be broken.]

> > Let the IRTF publish one or more documents describing various curves
> > suitable for use in Internet protocols.  The IETF can pick from among
> > those.
> That is not what TLS WG /SEC AD asked for. They would rather CFRG make
> a choice that can be used in TLS and other places, instead of letting
> each IETF WG make their own different choice.

We may have to reconsider this then.

If it is really true that CFRG is not adept at making choices, then let
the cryptologists document algorithms (including their cryptographic
attributes, pros, cons, cryptanalysis, general performance analysis,
security considerations, and an overall assessment), and let the
engineers pick from among them.  I.e., what we've always done at the

This might require some process (a call for consensus in the TLS WG?),
but once done CFRG will be freed to do what it's good at, and to do it
more quickly because there will be no more lengthy arguments about what
to choose.  Authors will publish I-Ds, reviewers will review them, and
barring any serious problems, CFRG will progress those I-Ds.  The TLS
(and other) WGs can then choose what they like.

I don't mean to start a debate about this _now_.  Rather, now is the
time to point out that we may have to have this debate, possibly before
the next time we ask the IRTF for recommendations.