[discuss] [bestbits] Fwd: Heads up on Brazil meeting preparation

Stephen Farrell stephen.farrell at cs.tcd.ie
Wed Jan 8 22:58:59 UTC 2014

On 01/08/2014 09:46 PM, Shatan, Gregory S. wrote:
> Since you do assert (or rather imply) one "fact" in an otherwise
> fact-free argument, I'd like to understand it.  When you say "IETF
> has a NSA employee at his board"  what person, what board, what
> position and what organization are you referring to?

Its as accurate as the rest of that mail. That is, it is not
accurate at all, but I think I can guess what was meant.

The Internet Research Task Force (the IRTF, not the IETF) has
a research group (CFRG) with a co-chair who's an NSA employee.
He's been a co-chair for about two years. Just before the holidays
someone objected to having a research group co-chair who's an NSA
employee, there was a list discussion, and the IRTF chair decided
not to fire the co-chair. The person who made the request appealed
that decision to the IAB (yesterday I think, maybe Monday) so
that will be in-work with them.

As usual the relevant mailing list [1] has more detail than you
probably want, but for this list, maybe the main points are that
from the IETF point of view the CFRG is a mailing list with folks
who have crypto expertise and to which IETF participants or
sometimes working groups can direct detailed questions about
crypto. CFRG is not directly involved in setting standards at all.
And any answers from the CFRG are treated just like other inputs
to the standards process. The CFRG chairs have about as much
influence on IETF standards as say the programme committee chairs
of a reasonably good academic cryptography conference.

I'll just add one request - as you can see from the original
post, reporting on this has been annoyingly inaccurate, partly
due to people who don't understand the IRTF or IETF diving in
with ready-made assumptions. If you're not already involved in
that research group, but want to be part of that discussion,
please try get up to speed on the CFRG and the specific discussion
before engaging. Some people have failed to do that which was
quite disruptive already IMO.

Interestingly, the higher level outcome of the controversy might
turn out to be that the research group in question is revitalised,
with a bunch of new folks doing work to help to make how we use
crypto on the Internet better, that is, working to try make life
harder for those like NSA or GCHQ who want to do pervasive
monitoring. It looks like that at the moment, but we'll have to
see if it lasts.


[1] http://irtf.org/mailman/listinfo/cfrg

More information about the discuss mailing list