Hacker News new | past | comments | ask | show | jobs | submit login

I wrote a short summary about what this was about a few weeks ago:


(Shorter: CFRG is the IETF's crypto review† board, and one of its co-chairs is an NSA employee).

This outcome was a near-certainty, for the simple reason that nobody came up with (or even nominated) a replacement for Igoe. IETF people have worked with Igoe, in person, for years. He is probably a very nice, very earnest person. Removing him from the CFRG without even having a replacement would have been demonstratively hostile without improving the quality of the research group.

Unfortunately, despite a few threads of very solid crypto discussion on CFRG during the Igoe debate, most of it was marked by shrill, repetitive, and often mistaken political commentary. The mailing list had the tenor of a Wikipedia "Articles for Deletion" debate that had been circulated on Reddit. IETF long-timers were visibly irritated. There was also an unhelpful strain of back-and-forth between Dan Harkins, the author of the (flawed) Dragonfly PAKE whose CFRG endorsement started this mess, and Harkins' detractors. At times, the whole thing looked a little petty, especially since Dragonfly is now a dead letter anyways.

It remains weird that IETF's crypto-review board is chaired by an NSA employee. But it doesn't have to stay that way. Igoe has been on the job for many years now, and, from my remove, that job seems pretty thankless. What needs to happen is for someone else to be floated as a new co-chair for the group. I wouldn't be surprised if Igoe voluntarily stepped aside for the right name.

(David McGrew, the group's other co-chair, disputes this characterization, but the facts on the ground seem to argue that "review board" is the CFRG function that matters)

> He is probably a very nice, very earnest person.

Obviously. Being a pushy jerk explicitly forcing your employer's agenda wouldn't be very fruitful and thus would be a bad job performance by an NSA employee in such position.

> Igoe has been on the job for many years now, and, from my remove, that job seems pretty thankless.

Have you seen his NSA performance reviews? :)

I propose Dan Bernstein. Now let's do this.

You can't just do that. Bernstein has to want to do it, and agree, and if you don't want to look silly that has to happen before his nomination is posted to the mailing list.

Yes, on second thought, DJB would probably have much more impact working in a group that's creating crypto standards rather than just reviewing other people's proposals.

For what it's worth: that's what he already does. For example, Bernstein is one of the coordinators for CAESAR, the competition for new authenticated bulk ciphers.


I think that was salient's point -- he's already creating crypto standards and he's likely better suited to that than simply reviewing other's proposals.

"unlike in many other organizations, IRTF co-chairs are little more than group secretaries"

Assuming that's true, I think DJB has something better to do with his time than making sure the carrot cake has been ordered and unsubscribing mailing list subscribers who reported emails as spam.

Also the "keep friends close and enemies closer" as an employee of an organization that has a goal of the overthrow of the US constitution and elimination of human rights, the best place to keep the rep of an evil organization is in the public eye. So if he's mr good guy, no harm, and if we keep an eye on him, no harm, net positive to keep him in place.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact