Dear Brian, Jay, Paul, All,
I totally understand we do not vote... but that only works if people are knowledgeable, have good ethics, and base their objections on real data.
I would suggest to take a look at the draft in the LAMPS WG - the
discussion for adoption of Hybrid Crypto that went on for four
years with the Chairs saying that if we did certain things the
documents would be accepted. Many large companies supported the
idea as a needed tool for migration. We listened and incorporated
ALL feedback coming from the WG. Not only that, we first presented
to LAMPS, then we got redirected to Dispatch, then we got
re-directed to LAMPS again where our journey began. Again. After
wasting more than a year for nothing.
We jumped through all the (IMHO unjustified) loops that IETF made
us jump through - followed all the procedures we were asked of.
REGRETTABLY, few, inexperienced people acting in BAD FAITH
made a lot of noise not even having any skin in managing any
quantum-safe migration nor understanding the need for long
timelines in many industries (15+ years for IDs, PKIs, and
Hardware-Based solutions to be deployed), nor appreciating the
risk of investing in hardware for specific new and barely-tested
algorithms based on "guts feeling". These individuals were
listened to more than companies that supported the development of
hybrid and usable tools to provide access to millions of people
around the world by planning for billions of investments. It was
hard to convince CEOs and CTOs from many large companies.
The charter to work on that technology was modified during the
4-year process where the WG agreed to consider the work.
Many people outside the IETF assumed this was such a big deal that
they bet on its standardization such as BSI and the German
government.
No other solutions were proposed as alternatives that were not part of the discussion. We worked and regularly reported on implementations that a large group from commercial and open-source world collaborated on (for both pure and hybrid quantum-safe solutions) by organizing Hackathons for inspiring implementations and interoperability on the wire. Beta Commercial products have been developed.
Rough consensus and bits on the wire ARE there, without any
doubt.
This was an example of ARBITRARY decision, not supported by technical data argument around that. This, IMHO, is a very important point. There was consensus among people that showed the technical details, the objections came from just "opinions" of people that did not even plan to work on that. I am an engineer, IETF is an Engineering institution. Opinions not supported by data should be regarded as opinions and dealt with in a different setting (try social media where facts seem to not matter and opinions have the same weight as facts).
Opinions are not fact and, in this case, the Chairs based their decisions on OPINIONS not supported by any fact.
If the decisions are not reversed, there are going to be quite
issues in having any hybrid for KEMs and/or Signatures outside our
industry (where we own the majority of IP), given the situation
around intellectual property.
We tried to do the right thing, we got denigrated with VERY INAPPROPRIATE and UNPROFESSIONAL comments (I don't like it, you can shoot yourself in the foot, I do not understand "AND" or "OR" options) that showed the lack of reading of the I-D and lack of respect for the people bringing the work at IETF that have not even been addressed by chairs and that did not address any technical point of the initial proposal (remember, this was adoption, not final call).
Nevertheless, because of the importance of the need for easy-to-use
hybrid tools, we demonstrated the willingness to adopt suggestions
from the WG, although made things more complicated at times, to
get the documents to be ready for adoption (just adoption, not
final call!!!) ... it took FOUR years doing that. When we were
told by the WG and the Chair that "we are ready for adoption",
two/three lonely voices representing ABSOLUTELY NO community but
themselves argued about X509 or the Charter (that was already
amended to cover exactly that topic - we worked for two years to
change the Charter). They were present in the meeting where we
discussed moving the documents forward previously.
The weaponization of the "consensus" process should be avoided
to block new important work - chairs should be instructed how to
avoid these situations and refrain from fomenting these
non-argument ignorance. To be explicit, the average objection
can be summarized as "I do not want to work on it. I do not want to
work on it because it is too early, nobody should work on this".
Despite the LAMPS charter.
This is what happened, sadly, and unless the area director(s)
or the head of IETF take that seriously, the usual "gang" will
always decide what the IETF is - a closed club of "old friends"
that eat together at IETF and decide things behind closed
doors...
Very different type of leadership than IETF had back in 2000...
Best Regards,
Dr. Pala
Max,
after bringing many companies that bring Internet services to hundreds of millions of people across the world to vote in an IETF WG
We don't vote. What you are saying is that, according to the WG Chairs' judgment, there was no rough consensus to adopt some particular drafts. That could be because there was no consensus that they fitted in the WG charter, or because there was no consensus to base future work on those particular proposals. Without being a subject matter expert, I cannot possibly have an opinion whether their judgment of the lack of consensus was right or wrong.
By the way, none of your current drafts is tagged with the name of a current WG, which is more than a matter of bureaucracy: are your drafts matched to agreed IETF objectives? It's hard for an outsider to even work out which WG might be relevant.
If not, did you propose a BOF on the topic(s)? Or possibly, for work on a longer timescale, maybe it should be an IRTF topic. I have zero expertise in post-quantum crypto, so I have no feeling whether the timescales one sees quoted are any more meaningful than timescales for controlled fusion.
Regards
Brian Carpenter
On 15-Jul-23 12:35, Dr. Pala wrote:
Hi Carsten,
I do not remember which one exactly, this was pre-pandemic.. few years ago. I did present at Sec dispatch daring to propose hybrid crypto schemes and improve revocation… at that time, in a private discussion with the Sec AD I received an apology saying that the attacks I was subject to were not acceptable.
More recently, even after convincing my company and our members to share our IP, even after jumping through many unjustified loops for four years, even after organizing Hackathon initiatives in support of the community, even after demonstrating the use of the technology and into interoperability across commercial and open-source implementations, even after bringing many companies that bring Internet services to hundreds of millions of people across the world to vote in an IETF WG for the first time to support a simple adoption, few comments from inexperienced academics that, frankly, do not even understand how long the road to deployments for quantum-safe crypto really is… delayed this important work on.. no basis at all - just look at the ridiculous thread in the LAMPS WG.
I am not sure about other areas, but Security needs a complete makeover at this point…
Of course, this is just my personal opinion (although supported by quite a lot of evidence that I am glad will remain in the archives for everybody to judge…)
As I said, not worth speaking up…
Cheers,
Max
On Jul 15, 2023, at 12:35 AM, Carsten Bormann <cabo@xxxxxxx> wrote:
On 2023-07-15, at 00:17, Dr. Pala <madwolf@xxxxxxxxxx> wrote:
I did also speak at the plenary…
Which plenary?
My search-fu doesn’t suffice today…
Grüße, Carsten
OpenCA Labs Director