Response to the request to remove CFRG co-chair

I wrote a short summary about what this was about a few weeks ago:<p><a href="https://news.ycombinator.com/item?id=6942145" rel="nofollow">https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=6942145</a><p>(Shorter: CFRG is the IETF&#x27;s crypto review† board, and one of its co-chairs is an NSA employee).<p>This outcome was a near-certainty, for the simple reason that nobody came up with (or even nominated) a replacement for Igoe. IETF people have worked with Igoe, in person, for years. He is probably a very nice, very earnest person. Removing him from the CFRG without even having a replacement would have been demonstratively hostile without improving the quality of the research group.<p>Unfortunately, despite a few threads of very solid crypto discussion on CFRG during the Igoe debate, most of it was marked by shrill, repetitive, and often mistaken political commentary. The mailing list had the tenor of a Wikipedia &quot;Articles for Deletion&quot; debate that had been circulated on Reddit. IETF long-timers were visibly irritated. There was also an unhelpful strain of back-and-forth between Dan Harkins, the author of the (flawed) Dragonfly PAKE whose CFRG endorsement started this mess, and Harkins&#x27; detractors. At times, the whole thing looked a little petty, especially since Dragonfly is now a dead letter anyways.<p>It remains weird that IETF&#x27;s crypto-review board is chaired by an NSA employee. But it doesn&#x27;t have to stay that way. Igoe has been on the job for many years now, and, from my remove, that job seems pretty thankless. What needs to happen is for someone else to be floated as a new co-chair for the group. I wouldn&#x27;t be surprised if Igoe voluntarily stepped aside for the right name.<p>† <i>(David McGrew, the group&#x27;s other co-chair, disputes this characterization, but the facts on the ground seem to argue that &quot;review board&quot; is the CFRG function that matters)</i>

&gt; The IRTF and IETF have always welcomed participation by all, […]<p>As I wrote previously¹: “<i>We have a tacit assumption that all participants have realized that better standards (and strong crypto, more secure systems) will lead to the betterment of all. This is the default assumption.<p>However, now that the U.S. government, and the NSA and its collaborators in particular, have been </i>shown <i>to explicitly </i>not <i>have this goal – in fact, their goal has been to strive for </i>less <i>secure systems and </i>more difficult <i>standards ­– what should be done? The logical thing to do is to exclude any person or organization revealed to have an agenda explicitly contrary to the group.</i>”<p>Having an all-inclusionist policy is “Geek Social Fallacy #1”². This case illustrates why you cannot let an inclusionist policy be all-overriding. Toxic people and representatives of <i>explicitly</i> adversarial organizations <i>cannot</i> be allowed to participate in, and thereby sabotage, both the work and goodwill of a committee.<p>1) <a href="https://news.ycombinator.com/item?id=6945314" rel="nofollow">https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=6945314</a><p>2) <a href="http://www.plausiblydeniable.com/opinion/gsf.html" rel="nofollow">http:&#x2F;&#x2F;www.plausiblydeniable.com&#x2F;opinion&#x2F;gsf.html</a>

And Trevor Perrin&#x27;s response: <a href="http://thread.gmane.org/gmane.ietf.irtf.cfrg/2337" rel="nofollow">http:&#x2F;&#x2F;thread.gmane.org&#x2F;gmane.ietf.irtf.cfrg&#x2F;2337</a><p>I concur: Kevin Igoe should resign, if nothing else then to remove the cloud of suspicion, given the revelations of NSA sabotage.

Sometimes those in power can refuse to kick out others alongside them that are in power. Friendships could&#x27;ve been formed etc.<p>So the logical conclusion is to request the removal of the CFRG chair, too, and replace him him with someone who <i>will</i> remove the NSA co-chair. Or just start boycotting and ignoring everything this group is proposing from now on in cryptography - whichever way works.<p>&gt; Should we then eliminate all individuals affiliated with the NSA from participating?<p>Um - hell yes?! After all that&#x27;s happened and everything NSA has been trying to do to <i>undermine</i> the security of the web and US infrastructure, too? Of course the answer to that is YES! Otherwise, I personally have no trust in everything this group or IETF on the whole, will be releasing from now on, if that&#x27;s their attitude about this.<p><i>International</i> security standards should be created without the involvement of spy agencies - especially when they&#x27;ve already been discovered to be trying to implement hardware backdoors on multiple occasions (even in the recent UAE satellite). NSA is <i>hostile</i> to security and to security standards. They&#x27;ve proven it already. So treat them as being hostile.

I have no ideas who Lars Eggert <i>really</i> is, but the quality of the rebuttal is very good. In such a critical field where non expert cannot understand what is going on and where we can only <i>trust the experts</i>, such a nice response on a very controversial and emotionally charged topic is very appreciable.

The message is easier to read it on Gmane:<p><a href="http://article.gmane.org/gmane.ietf.irtf.cfrg/2337" rel="nofollow">http:&#x2F;&#x2F;article.gmane.org&#x2F;gmane.ietf.irtf.cfrg&#x2F;2337</a>

It&#x27;s astounding to me that they are allowing him to retain his position. If for no other reason than the message it sends. How disturbing.

I&#x27;m just not sure how you can ignore the fact that his employer is NSA. By proxy, he&#x27;s doing evil (at least imo).<p>He chooses to work for an agency that breaks the law. Do we just turn a blind eye?<p>If he was answering phones there, it&#x27;d be one thing, but he&#x27;s a cryptography expert. I&#x27;d imagine he&#x27;d be only a degree or two removed from something nefarious.<p>Just following orders is not an excuse if you have a conscience.<p>e - grammar

Previous discussion: <a href="https://news.ycombinator.com/item?id=6942145" rel="nofollow">https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=6942145</a>