Apologies to take so long to respond.  My daughter’s college graduation was last Friday, so I was off the net until late Sunday when I found a torrent of email on the CFRG mailing list. 

 

Given the tone of a handful of the messages I did not want to respond from a  personal e-mail account, and our ever so helpful sys admins have configured our external e-mail so we can only send  nsa.gov e-mail from within our physical office spaces. I had wanted to respond earlier, but couldn’t until I physically got back to my office spaces. But I  am on Holiday leave and most of the time I will not be in my office. I now have a working Agency Blackberry ™ which will increase my bandwidth. 

 

Believe me it has been difficult to sit back and not say anything. I feel like Mohammed Ali during one of his “ropa-dopa” fights. I also have a responsibility to coordinate with the IRTF leadership, but they too have family commitments. 

 

Yes, my name really is Igoe, though I had given some thought to changing it to Ignokowski (you have to be a fan of the sitcom Taxi to get that reference). I’m easy to find at the IETF meetings since I typically wear a bowtie and my name tag clearly states National Security Agency. 

 

While NSA’s SIGINT mission gets all the press (especially now), the Agency has another mission: Information Assurance. Our IA authorities cover classified government data systems, while NIST has  authority over unclassified government systems.

 

In the days when computers were covered with blinking lights and communication centers were full of teletypes, IA (or comsec as it was known then) had little trouble building Custom government security gear to meet our needs, but that world is as dead as Imperial Rome. It has become increasingly obvious that in order to keep pace with advances in comms technology, IA will soon be forced to abandon its  sole reliance on custom government security gear and begin using commercial off-the-shelf gear with security built around internet security protocols, whence our increasing involvement with the IETF.

 

My principal involvement has been in the “Suite B” project to ensure various internet security protocols supported configurations which would be suitable for use in classified networks. The members of the various working groups were very generous in the support they provided to the Suite Beatification  of various security protocols. When the opportunity presented itself to pay back some of the debt I owed to the IETF by taking on the duty of co-chairing I was happy to do so. 

 

Believe me, the job is not as “glamorous” as it might seem. It consists of lining up presenters and pinging the list for help in responding to requests from working groups and comments on cement CFRG drafts.  I am well aware that the chairs act to reflect the consensus of the list, but that becomes difficult when, as was the case with draft-01 of  Dragonfly, there is no response to a call for feedback. The recent  work for the TLS working group on SALSA-20 went much better.  Hopefully the current flurry of activity will result in an increase in the number of active participants in the CFRG. 

 

The core competency of the CFRG should be scholarship in the field of cryptography coupled with an in depth knowledge of IETF security protocols. We do not have the time to do a thorough security analysis of a new security primitive since a thorough analysis requires several years of effort (e.g. AES or SALSA). Not everyone in the CFRG needs to be an expert on all matters cryptologic, but the list needs a broad enough base that it is likely some of the members have some expertise on any given topic.