[Cfrg] Requesting removal of CFRG co-chair

Cari Machet carimachet at gmail.com
Thu Jan 16 13:04:46 PST 2014


ok so i know structure is not known tantamountly as anarchy but guess what
it is - it is primary

that they have a hierarchical structure where one MAN can make a decision
and not the working group itself is just pathetic >> what "open forum"

o hey lets have a mass murderer babysit our children

Cari Machet
NYC 646-436-7795
carimachet at gmail.com
AIM carismachet
Syria +963-099 277 3243
Amman +962 077 636 9407
Berlin +49 152 11779219
Twitter: @carimachet <https://twitter.com/carimachet>

Ruh-roh, this is now necessary: This email is intended only for the
addressee(s) and may contain confidential information. If you are not the
intended recipient, you are hereby notified that any use of this
information, dissemination, distribution, or copying of this email without
permission is strictly prohibited.




On Thu, Jan 16, 2014 at 9:53 PM, Moritz <moritz at headstrong.de> wrote:

> The best thing to do at this stage would be to convince Kevin friendly
> but firmly that it is in his best interest to step down. This really
> creates an unhealthy environment, drawing away many others from
> contributing, something that really should not happen at an open forum
> like IETF.
>
> So, please voice your opinions on the respective IETF lists.
>
> On 01/16/2014 09:12 PM, John L Grubbs wrote:
> > Trevor's request was denied last week. :(
> >
> > On Jan 16, 2014 2:04 PM, Cari Machet <carimachet at gmail.com> wrote:
> >
> >     BEAUTIFUL
> >
> >     On Thu, Jan 16, 2014 at 8:50 PM, Moritz <moritz at headstrong.de> wrote:
> >
> >
> >         https://www.ietf.org/mail-archive/web/cfrg/current/msg03554.html
> >
> >
> >         Dear IRTF Chair, IAB, and CFRG:
> >
> >         I'd like to request the removal of Kevin Igoe from CFRG co-chair.
> >
> >         The Crypto Forum Research Group is chartered to provide crypto
> >         advice to IETF Working Groups.  As CFRG co-chair for the last 2
> >         years, Kevin has shaped CFRG discussion and provided CFRG opinion
> >         to WGs.
> >
> >         Kevin's handling of the "Dragonfly" protocol raises doubts that
> >         he is performing these duties competently.  Additionally, Kevin's
> >         employment with the National Security Agency raises
> >         conflict-of-interest concerns.
> >
> >
> >         Dragonfly Background
> >         ----
> >         Dragonfly is a "Password-Authenticated Key Exchange" protocol (or
> >         "PAKE").  Dragonfly was proposed to CFRG 2 years ago [PROPOSAL].
> >         Compared to better-known PAKEs, Dragonfly has no security proof,
> >         a lack of extensive security analysis, nonfunctional
> >         complications added for IPR reasons, and some security issues
> >         [REVIEW].
> >
> >         Dragonfly became a hot topic recently when the TLS WG disputed
> >         CFRG's alleged report that Dragonfly was "satisfactory", as well
> >         as disputing that this report reflected CFRG consensus [TLS_1].
> >         After extensive criticism of Dragonfly, the TLS WG ceased work on
> >         a Dragonfly extension [TLS_2].
> >
> >
> >         NSA Background
> >         ----
> >         The National Security Agency ("NSA") is a U.S. Intelligence
> >         Agency which is believed to devote considerable resources to:
> >          - "Influence policies, standards and specifications for
> >            commercial public key technologies"
> >          - "Shape the worldwide cryptography marketplace to make it more
> >            tractable to advanced cryptanalytic capabilities" [BULLRUN]
> >
> >         While much is unknown about these activities, the NSA is known
> >         to have placed a "back door" in a NIST standard for random number
> >         generation [ECDRBG].  A recent report from the President's Review
> >         Group recommends that the NSA:
> >          - "fully support and not undermine efforts to create encryption
> >            standards"
> >          - "not in any way subvert, undermine, weaken, or make vulnerable
> >            generally available commercial software" [PRESIDENTS]
> >
> >         This suggests the NSA is currently behaving contrary to the
> >         recommendations.
> >
> >
> >         Reasons for requesting Kevin's removal
> >         ----
> >         1)  Kevin has provided the *ONLY* positive feedback for
> >         Dragonfly that can be found on the CFRG mailing list or meeting
> >         minutes.  The contrast between Kevin's enthusiasm and the group's
> >         skepticism is striking [CFRG_SUMMARY].  It's unclear what this
> >         enthusiasm is based on.  There's no record of Kevin making any
> >         effort to understand Dragonfly's unusual structure, compare it to
> >         alternatives, consider possible use cases, or construct a formal
> >         security analysis.
> >
> >         2)  Twice Kevin suggested a technique for deriving the Dragonfly
> >         password-based element which would make the protocol easy to
> >         break [IGOE_1, IGOE_2].  He also endorsed an ineffective attempt
> >         to avoid timing attacks by adding extra iterations to one of the
> >         loops [IGOE_3, IGOE_4].  These are surprising mistakes from an
> >         experienced cryptographer.
> >
> >         3)  Kevin's approval of Dragonfly to the TLS WG misrepresented
> >         CFRG consensus, which was skeptical of Dragonfly [CFRG_SUMMARY].
> >
> >         4)  Kevin's NSA affiliation raises unpleasant but unavoidable
> >         questions regarding these actions.  It's entirely possible these
> >         are just mistakes by a novice chair who lacks experience in a
> >         particular sort of protocol and is being pressured by IETF
> >         participants to endorse something.  But it's hard to escape an
> >         impression of carelessness and unseriousness in Kevin's work.
> >         One wonders whether the NSA is happy to preside over this sort of
> >         sloppy crypto design.
> >
> >         While that's of course speculation, it remains baffling that an
> >         experienced cryptographer would champion such a shoddy protocol.
> >         The CFRG chairs have been silent for months, and haven't
> >         responded to attempts to clarify this.
> >
> >
> >         Conclusion
> >         ----
> >         The position of CFRG chair (or co-chair) is a role of crucial
> >         importance to the IETF community.  The IETF is in desperate need
> >         of trustworthy crypto guidance from parties who are above
> >         suspicion.  I encourage the IAB and IRTF to replace Kevin Igoe
> >         with someone who can provide this.
> >
> >         Thanks for considering this request.
> >
> >
> >         Trevor
> >
> >
>