Dear Brian, Jay, Paul, All,
I totally understand we do not vote... but that only works if people are knowledgeable, have good ethics, and base their objections on real data.
I would suggest to take a look at the draft in the LAMPS WG - the discussion for adoption of Hybrid Crypto that went on for four years with the Chairs saying that if we did certain things the documents would be accepted. Many large companies supported the idea as a needed tool for migration. We listened and incorporated ALL feedback coming from the WG. Not only that, we first presented to LAMPS, then we got redirected to Dispatch, then we got re-directed to LAMPS again where our journey began. Again. After wasting more than a year for nothing.
We jumped through all the (IMHO unjustified) loops that IETF made us jump through - followed all the procedures we were asked of.
REGRETTABLY, a few *inexperienced people acting in BAD FAITH made a lot of noise* not even having any skin in managing any quantum-safe migration nor understanding the need for long timelines in many industries (15+ years for IDs, PKIs, and Hardware-Based solutions to be deployed), nor appreciating the risk of investing in hardware for specific new and barely-tested algorithms based on "gut feeling". These individuals were listened to more than companies that supported the development of hybrid and usable tools to provide access to millions of people around the world by planning for billions of investments. It was hard to convince CEOs and CTOs from many large companies.
*The charter to work on that technology was modified during the 4-year process where the WG agreed to consider the work*. Many people outside the IETF assumed this was such a big deal that they bet on its standardization such as BSI and the German government.
No other solutions were proposed as alternatives that were not part of the discussion. We worked and regularly reported on implementations that a large group from the commercial and open-source world collaborated on (for both pure and hybrid quantum-safe solutions) by organizing Hackathons for inspiring implementations and interoperability on the wire. Beta Commercial products have been developed.
Rough consensus and bits on the wire ARE there, without any doubt.
This was an example of ARBITRARY decision, not supported by technical data argument around that. This is, IMHO, a very important point. There was consensus among people that showed the technical details, the objections came from just "opinions" of people that did not even plan to work on that. I am an engineer, IETF is an Engineering institution. Opinions not supported by data should be regarded as opinions and dealt with in a different setting (try social media where facts seem to not matter and opinions have the same weight as facts).
*Opinions are not fact and, in this case, the Chairs based their decisions on OPINIONS not supported by any fact.*
If the decisions are not reversed, there are going to be quite a few issues in having any hybrid for KEMs and/or Signatures outside our industry (where we own the majority of IP), given the situation around intellectual property.
/We tried to do the right thing, we got denigrated with VERY INAPPROPRIATE and UNPROFESSIONAL comments (I don't like it, you can shoot yourself in the foot, I do not understand "AND" or "OR" options) that showed the lack of reading of the I-D and lack of respect for the people bringing the work at IETF that have not even been addressed by chairs and that did not address any technical point of the initial proposal (remember, this was adoption, not final call)./
Nevertheless, because of the importance of the need for easy-to-use hybrid tools, we demonstrated the willingness to adopt suggestions from the WG, although that made things more complicated at times, to get the documents to be ready for adoption (just adoption, not final call!!!) ... it took FOUR years doing that. When we were told by the WG and the Chair that "we are ready for adoption", two/three lonely voices representing ABSOLUTELY NO community but themselves argued about X509 or the Charter (that was already amended to cover exactly that topic - we worked for two years to change the Charter). They were present in the meeting where we discussed moving the documents forward previously.
*The weaponization of the "consensus" process should be avoided to block new important work - chairs should be instructed how to avoid these situations and refrain from fomenting this non-argument ignorance. To be explicit, the average objection can be summarized as "I do not want to work on it. I do not want to work on it because it is too early, nobody should work on this".* *Despite the LAMPS charter*.
This is what happened, sadly, and *unless the area director(s) or the head of IETF take that seriously, the usual "gang" will always decide what the IETF is - a closed club of "old friends" that eat together at IETF and decide things behind closed doors...*
Very different type of leadership than IETF had back in 2000...
Best Regards,
Dr. Pala
On 7/14/23 9:59 PM, Brian E Carpenter wrote:
Max,
after bringing many companies that bring Internet services to hundreds of millions of people across the world to vote in an IETF WG
We don't vote. What you are saying is that, according to the WG Chairs' judgment, there was no rough consensus to adopt some particular drafts. That could be because there was no consensus that they fitted in the WG charter, or because there was no consensus to base future work on those particular proposals. Without being a subject matter expert, I cannot possibly have an opinion whether their judgment of the lack of consensus was right or wrong.
By the way, none of your current drafts is tagged with the name of a current WG, which is more than a matter of bureaucracy: are your drafts matched to agreed IETF objectives? It's hard for an outsider to even work out which WG might be relevant.
If not, did you propose a BOF on the topic(s)? Or possibly, for work on a longer timescale, maybe it should be an IRTF topic. I have zero expertise in post-quantum crypto, so I have no feeling whether the timescales one sees quoted are any more meaningful than timescales for controlled fusion.
Regards
Brian Carpenter
On 15-Jul-23 12:35, Dr. Pala wrote:
Hi Carsten,
I do not remember which one exactly, this was pre-pandemic.. a few years ago. I did present at Sec dispatch daring to propose hybrid crypto schemes and improve revocation… at that time, in a private discussion with the Sec AD I received an apology saying that the attacks I was subject to were not acceptable.
More recently, even after convincing my company and our members to share our IP, even after jumping through many unjustified loops for four years, even after organizing Hackathon initiatives in support of the community, even after demonstrating the use of the technology and into interoperability across commercial and open-source implementations, even after bringing many companies that bring Internet services to hundreds of millions of people across the world to vote in an IETF WG for the first time to support a simple adoption, a few comments from inexperienced academics that, frankly, do not even understand how long the road to deployments for quantum-safe crypto really is… delayed this important work on.. no basis at all - just look at the ridiculous thread in the LAMPS WG.
I am not sure about other areas, but Security needs a complete makeover at this point…
Of course, this is just my personal opinion (although supported by quite a lot of evidence that I am glad will remain in the archives for everybody to judge)…
As I said, not worth speaking up…
Cheers,
Max
On Jul 15, 2023, at 12:35 AM, Carsten Bormann <cabo@xxxxxxx> wrote:
On 2023-07-15, at 00:17, Dr. Pala <madwolf@xxxxxxxxxx> wrote:
I did also speak at the plenary…
Which plenary?
My search-fu doesn’t suffice today…
Grüße, Carsten
--
Best Regards,
Massimiliano Pala, Ph.D.
OpenCA Labs Director