As I wrote previously¹: “We have a tacit assumption that all participants have realized that better standards (and strong crypto, more secure systems) will lead to the betterment of all. This is the default assumption.
However, now that the U.S. government, and the NSA and its collaborators in particular, have been shown to explicitly not have this goal – in fact, their goal has been to strive for less secure systems and more difficult standards – what should be done? The logical thing to do is to exclude any person or organization revealed to have an agenda explicitly contrary to the group.”
Having an all-inclusionist policy is “Geek Social Fallacy #1”². This case illustrates why you cannot let an inclusionist policy be all-overriding. Toxic people and representatives of explicitly adversarial organizations cannot be allowed to participate in, and thereby sabotage, both the work and goodwill of a committee.
How would you determine if a participant had affiliation? How many degrees of separation must there be before a person is trustworthy in their neutrality?
As well, it would require an approval process for new participants, closing the working groups. Even should the folks decide to abandon the current model of participation, how would you determine someone new wasn't affiliated, and who has the right to decide who is trustworthy?
It's argued often here that extreme transparency is the cure for shadowy practices, and I don't think it gets much more transparent than group review of any changes to any specs.
To expect that excluding publicly aligned NSA folks would solve any problem is foolhardy, given that it's an intelligence agency and I'm sure fully capable of installing clandestine participants.
Therefore, I would argue that exclusion is very much an illogical choice. The logical thing to do here would be to increase scrutiny on any changes.
(To note, this comment is not about removing the co-chair privileges from Igoe; if the position is really as powerful as some say, yeah let someone else do it. I'm just saying don't start suggesting people be banned from participating).
The analogy is so stretched as to be meaningless. At least as it refers to the McCarthy portion of the Red Scare, the objectionable portions were: targeting participation in purely domestic political groups, and falsely accusing people of affiliations they didn't have.
It wouldn't be at all objectionable to exclude from employment with the State Department or Army people who were actively openly affiliated with organizations directly sponsored by the Soviet Union. (Though acting in movies presents a different question.)
Likewise, it makes no sense for a standards group to be chaired by a person openly and actively affiliated with an organization which has as a goal subverting those very standards.
1. Banning persons with open affiliations encourages people to hide their affiliation with those organizations.
2. Then, banning persons with supposed affiliations encourages abuse of the banning process.
I grant you that closing mere participation by having pre-screening is probably an unworkable and too costly a step; costly in more ways than one.
I still feel we ought not let them chair the committee, though. I mean, the NSA heading a committee working on publicly available crypto? It’s an oxymoron and a contradiction in terms. It’s the fox guarding the hen house.
Umm... there's more than a shadow of fascist totalitarianism in the NSA. I think there is ample evidence to demonstrate that this group is destroying the USA. Really!
It should be an obvious and routine matter for any organization/group that has a conflict of interests policy.
It is not so simple for the IETF and IRTF, since they traditionally have eschewed voting and instead opt for “rough consensus and running code”. Also, the position of the NSA is fundamentally opposed to what the CFRG is supposed to achieve, so I don’t see how a normal conflict-of-interest policy is going to help.