Internet Architecture Board

RFC2850

IAB Minutes 2013-11-08

Home»Documents»Minutes»Minutes 2013»IAB Minutes 2013-11-08

Minutes of the 2013-11-08 IAB Business Meeting
Vancouver, BC, Canada

PRESENT

  • Bernard Aboba
  • Mary Barnes (IAB Executive Director)
  • Marc Blanchet
  • Ross Callon
  • Alissa Cooper
  • Lars Eggert (IRTF Chair)
  • Mat Ford (ISOC Liaison)
  • Joel Halpern
  • Russ Housley (IAB Chair)
  • Eliot Lear
  • Barry Leiba (IESG Liaison)
  • Cindy Morgan (IAB Executive Assistant)
  • Erik Nordmark
  • Andrew Sullivan
  • Dave Thaler

REGRETS

  • Jari Arkko (IETF Chair)
  • Xing Li
  • Hannes Tschofenig

GUESTS

  • Richard Barnes
  • Stewart Bryant
  • Alexa Morris (IETF Secretariat)
  • Ray Pelletier (IAD)
  • Tim Polk
  • Sean Turner

1. Teleconference schedule for November

The IAB agreed to hold teleconferences on 13 November 2013 and 20 November 2013. Cindy Morgan will update the calendar accordingly and send a reminder to the mailing list.

2. NIST briefing on the US Government plans to improve confidence in its
cryptographic standards

Tim Polk briefed the IAB on the NIST Cryptographic Standards Process Review. This briefing was based on an earlier presentation that Tim delivered in the SAAG meeting, which not all IAB members were able to attend.

Tim Polk noted that NIST published its first open encryption standard (DES) in 1977. Since then, NIST’s catalog of cryptographic standards has grown into a large suite of algorithms all developed in consultation with the cryptographic community. NIST’s statutory authority for cryptographic standards is limited to protecting the U.S. Government’s federal agencies, but their stakeholder community is far more diverse; NIST standards are voluntarily adopted within both the public and private sectors.

Tim Polk noted that in order for NIST standards to gain broad acceptance, they must be technically sound and have the full confidence of the community. He noted that NIST continually re-examines their protocols, as mathematical advances erode the security margin of current algorithms. To achieve this, NIST strives for a public, inclusive, and transparent process. NIST must balance stakeholder needs while producing cryptographic algorithms that are useful enough for practical applications.

NIST does not use a “one size fits all” process; they fit their process to the document in question. NIST has used international competitions, adopted existing standards, and developed new cryptographic specifications in collaboration with industry, academia, and governments. To achieve inclusiveness and transparency, they have held public workshops, solicited public feedback on draft standards and guidelines (e.g., the recent comment period on Special Publication 800-90A; see http://www.iab.org/wp-content/IAB-uploads/2013/10/IAB-NIST-FINAL.pdf for the IAB’s comments), and tried to actively engage the cryptographic community.

Tim Polk said that he would like to claim that NIST’s objectives are the same ones the IETF values in their standards process. Lars Eggert asked if NIST had signed the OpenStand principles. Tim replied that the question had never come up within NIST. Russ Housley suggested that NIST take a look at the OpenStand principles.

Tim Polk noted that recent events have made NIST re-examine whether there is more they can do. NIST believes that the community has, at a minimum, lost confidence in the Dual_EC_DRCG standard. NIST plans to:

  • Document and publish NIST process
  • Invite public comment on NIST process
  • Hire an independent evaluation to review the process ands to suggest improvements
  • Review the existing body of cryptographic work and the process through which it was developed
  • Invite new public comments and/or withdraw standards or guidance if appropriate.

NIST will update process as necessary to:

  • Maximize openness and transparency
  • Support the development of the most secure, trustworthy guidance practicable
  • Maintain confidence of all stakeholders

Tim Polk emphasized that NIST is taking the situation seriously. They believe that the compromised option in the algorithm came about through trying to balance all of their stakeholders’ needs. The NSA had said that it was very important to have an elliptic curve-based algorithm, and that hardware was already being built using specific code points, even though NIST advised users to generate their own curves. NIST has since deprecated the entire standard.

Eliot Lear asked if a political appointee could could reach down into a NIST process. Tim Polk replied that an appointee could refuse to sign off on a final standard; however, NIST holds the pen and is ultimately responsible for the content.

Alissa Cooper asked if NIST could remove the statutory requirement to consult with the NSA–not that they would not consult with the NSA, but that the requirement to do so be removed. She noted that the statutory requirement creates a perception problem for NIST. Tim Polk replied that while the NSA has people who are very good at cryptography, there will be increased due diligence to attempt to mitigate some of the trust issues.