This page is the public archive interface for the IETF CFRG (Crypto Forum Research Group) mailing list. It provides access to a chronological list of email subjects, senders, and dates. The content structurally supports human rights related to freedom of expression, association, and participation in technical discourse, but contains no explicit editorial advocacy for human rights principles.
Two things you did not know before this post but know now:
* The IETF has a dedicated crypto review board, the CFRG, which approves or pokes holes in the cryptography used by other IETF standards.
* The chair of the IETF CFRG is an NSA employee (Kevin Igoe, one of the authors of the SHA1 hash standard).
I just learned these things a couple weeks ago. I am not generally a believer in the theory that NSA actively subverts Internet standards†. But even I think that it's crazy for an NSA employee to chair the CFRG.
In case you're wondering: Trevor Perrin is widely respected professional cryptographer. Most cryptographers work for university math departments. Perrin worked for years as a staffer for Paul Kocher, the godfather of side channel attacks, at Cryptography Research. He's the designer of the new forward secrecy ratchet for OTR (Axolotl) and the TACK TLS extension, and a behind-the-scenes contributor to other IETF crypto standards. Perrin wrote the pure-Python "tlslite" TLS implementation. If you were to draw a "family tree" of crypto know-how in the software security profession, a surprisingly huge chunk of it would be rooted in Perrin (and Nate Lawson and Kocher); for instance, virtually every modern TLS break came from ideas that Perrin popularized. 64 current Matasano Crypto Challenges, probably 50 of them I can trace to Perrin and Lawson. Trevor Perrin is someone you should pay attention to.
† (my best guess is that the standards NSA was actively subverting were about international telephony; subverting the IETF is a little like subverting the Linux kernel --- doable, but bad tradecraft)
By the way, this submission is getting up so slowly (despite the upvotes) because its title contains "NSA" (which automatically penalizes the submission as revealed earlier).
Perhaps it's time for a new IETF default: No NSA employee should be chair of an encryption-related working group.
If the NSA wishes to change that rule in the future, it can publicly ask Congress to enact a law making it a federal felony for a government employee or contractor to try to subvert, compromise, or weaken public encryption standards. (That would still allow the NSA to subvert, compromise, or weaken proprietary Chinese or Russian military encryption standards, if it is capable of doing so.)
Until the NSA requests such a federal law -- and it's duly enacted -- it seems folly to encourage the participation of its employees in the IETF process, let alone granting them a position as chair of an encryption working group. Put another way, the NSA's signals intelligence mission has eclipsed its information assurance mission.
It's been interesting watching the reactions to these revelations from the more skeptical folks. Tptacek, have there been any stories (besides this one I suppose) that have really surprised you and struck you as unreasonable overreach?
I want to raise an issue that people often ignore. We put the government's fault onto an employee's fault.
But I will state my position clearly: I do think the resignation is a good thing. I don't agree with the word "removal".
The biggest problem to me is not about NSA involvement, it is how WE treat people who work at NSA and other government intelligence agency. If the fear of a single man is what makes the issue hot, I beg to differ. You can disagree with him and not pass the standard. If the whole committee thinks there is something fishy, I see no reason why the proposal would get through the internal draft. It is that distrust.
My school and many schools out there would send out internship notice; if you are a public school one of those would be government internship and among them is NSA and FBI.
How do we treat these kids in the future? How should we treat our future or current co-workers who had worked as contractor or done internship at NSA, FBI and CIA?
Do we trust them?
The fact that "NSA [employees] (edit, response to http://www.ietf.org/mail-archive/web/cfrg/current/msg03556.h...) should not be in any position in the cryto committee" is too far. He should resign in fact, to avoid interest conflict; people don't trust NSA right now. But how are we treating these employees? Have we asked him privately? Should this email be in the public in the first place? Have they ever had a private conservation about this? I think like it is more of an attack and a warning to all NSA-title employees that they should never reveal their affiliations, even on resume.
Since everyone does things differently, some will never join NSA and some will for either money or technical development or patriotism, how do we as people treat these employees?
I am upset that when people look down at them and think they are rat. This is a stronger ethic issue that few notice. The whole "removal" sounds like "one ought not be an NSA employee." Being someone new to security and admire open standard and fear of backdoor, I think it is nicer and professional if that has been raised to Kevin Igoe first privately.
From the way the mail is phrased: it never happened.
the thread is just warming up... I'm half-expecting Kevin Igoe to "reveal his true form" and turn into that giant NSA octopus clutching a shit load of ethernet cables that they thought it was a good idea to paint somewhere.
Bruce Schneier is not a great pick for this role. The CFRG is an extremely technical working group; the CFRG chair needs to be intimately familiar with a broad selection of modern cryptography. By way of example, Schneier is avowedly unfamiliar with elliptic curve. Schneier is a great popularizer of cryptography, but there are much better choices for the person whose job it will be to spot errors in other standards.
> subverting the IETF is a little like subverting the Linux kernel --- doable, but bad tradecraft
This is a great point. The mailing list and public nature of the standards process makes it very difficult to subvert, without very high risks of getting caught and breaking trust in the community. These agencies need to keep hiring good cryptographers and ideally keep bodies working on standards.
Shows the importance of OSS in security and having people like Trevor Perrin keeping watch.
But at the same time - if the NSA was going to subvert encryption standards - I doubt they would subvert the process with someone who is known to work at the NSA. Intelligence agencies would operate covertly. Most likely by converting someone trusted in the community into an agent, or grooming their own agent straight out of high school/university and getting them to a point of influence in the community (over a long period of time) and only then having them damage crypto standards. < this is standard tradecraft.
"The whole "removal" sounds like "one ought not be an NSA employee."
It is not that one 'ought not'. It is that the NSA is spying on us all. It is also lying about what it is doing, and being deceitful about its tactics.
People need to make a choice about where they stand. If they want to stand with the NSA, that is fine.
Unfortunately from a practical POV, it means I cannot trust them.
On the bright side, I cannot think of any reason an ex employee of the NSA would be honest about their previous employment.
> I am not generally a believer in the theory that NSA actively subverts Internet standards†. But even I think that it's crazy for an NSA employee to chair the CFRG.
I am uncomfortable with the NSA / GCHQ being that closely tied to the standards process.
I'm much happier when they're noodling away with research in the background and providing support to universities.
An example: GCHQ invented PK before Diffie and Hellman. They invented RSA before RSA did. They kept both of these secret for many years. GCHQ's RSA was not revealed until 24 years later. (About 20 years after RSA had been in use).
So, secret government spy agencies keep secrets. I think this is as alarming as secret government spy agencies spy. While they might not actively subvert crypto standards would they allow weaknesses to be implemented without comment?
> No NSA employee should be chair of an encryption-related working group.
This makes me think: What is the basis of trusting any organization or person not to have their own agenda, possibly contrary to the group’s ostensible agenda?
The basis is this: We have a tacit assumption that all participants have realized that better standards (and strong crypto, more secure systems) will lead to the betterment of all. This is the default assumption.
However, now that the U.S. government, and the NSA and its collaborators in particular, have been shown to explicitly not have this goal – in fact, their goal has been to strive for less secure systems and more difficult standards – what should be done? The logical thing to do is to exclude any person or organization revealed to have an agenda explicitly contrary to the group.
The same argument could be made (and has been made many times in the past) for Microsoft to be excluded from any and all standardization committees like ISO, IEEE, IETF, etc. for the same reason – their repeated practice of Embrace, Extend & Extinguish among other things shows them to have an agenda contrary to the group, and their participation would therefore be a detriment, not an asset.
Uh, I think pretty much all of it is overreach. The FISA 215 metadata stuff was particularly bad.
The only stuff that doesn't upset me is genuine foreign intelligence. The NSA can listen in on the Israelis as much as they want, as far as I'm concerned; the Israelis sure as shit listen to us.
> The biggest problem to me is not about NSA involvement, it is how WE treat people who work at NSA and other government intelligence agency.
An organization is made up of people. If you don't like what the organization is doing, you start by holding the people accountable. I see nothing wrong with shunning people who, in their professional capacity, are a part of machine that uses said capability to undermine my rights and privacy.
> subverting the IETF is a little like subverting the Linux kernel --- doable, but bad tradecraft
... and what kind of tradecraft, pray tell, is subverting a random number generator and planting it inside the BSAFE library after paying off RSA DSI with a $10 million dollar contract?
If the NSA is willing to do something like this, what is would it consider too unethical/immoral/bad tradecraft not to do?