An NSA employee who is the co-chairman of a cryptography working group affiliated with the IETF will remain in that position despite calls from members to have him removed. The chairman of the Internet Research Task Force, the body that oversees the research group, rejected requests for the removal of Kevin Igoe of the NSA, saying that his position gave him little real power over the development of cryptographic standards and his removal would set a dangerous precedent.

The request for Igoe’s removal came on Dec. 20, in the aftermath of a fresh set of revelations about the NSA’s surveillance capabilities and efforts to undermine the development of cryptographic standards and algorithms. Throughout autumn, waves of stories about the agency’s attempts, and perhaps successes, to compromise crypto standards had hit the news, including the allegation that the NSA had deliberately weakened a key NIST standard by inserting the compromised Dual_EC DRBG random number generator as the default choice. Security researchers and cryptographers assessing the damage of these revelations said that the implications may not be known for years to come.

In an email to the Crypto Forum Research Group, which advises the IETF on crypto issues, Trevor Perrin, a member of the group and security engineer, cited a number of reasons for asking for Igoe’s removal as co-chair of the group, including his support for a widely criticized key-exchange system called Dragonfly, and the fact that he’s an NSA employee. Perrin claimed that Igoe was the only one who voiced any support for Dragonfly and also made some technical suggestions that would have weakened the system.

“Kevin’s NSA affiliation raises unpleasant but unavoidable questions regarding these actions. It’s entirely possible these are just mistakes by a novice chair who lacks experience in a particular sort of protocol and is being pressured by IETF participants to endorse something. But it’s hard to escape an impression of carelessness and unseriousness in Kevin’s work. One wonders whether the NSA is happy to preside over this sort of sloppy crypto design,” Perrin wrote in his email, which also went to the chairman of the Internet Architecture Board.

“While that’s of course speculation, it remains baffling that an experienced cryptographer would champion such a shoddy protocol.”

The CFRG has dual chairs in David McGrew, a Cisco employee, and Igoe, who took that position in 2011. The group is responsible for considering new cryptographic mechanisms and providing advice to groups within the IETF, the Internet standards body, on crypto issues and standards. The request by Perrin to remove Igoe generated a huge amount of discussion on the CFRG mailing list, and elicited strong opinions from a number of prominent security experts, including cryptographer William Whyte and John Viega, a software security expert.

“I think it’s reasonable to hold the opinion that this discussion is silly and overhyped. I think there’s a good chance that Mr. Igoe had no subversive intent whatsoever. I also don’t see how an IRTF working group chair can, with high probability, subvert the process (though that doesn’t mean it isn’t possible),” Viega wrote.

“To me, the most important thing the group can do is address how it makes sure to protect from subversive actors. If we had a clear answer there, then I think it matters far less who the chair is, because we can give outside eyes a better comfort level. I don’t think it’s productive to be dismissive of the concern, even if you do not agree.”

On Jan. 5, Lars Eggert, chairman of the IRTF, formally rejected the request to remove Igoe, saying that his employment by the NSA should not disqualify him out of hand, and that his actions in the Dragonfly development process could have been seen as mistakes, but were not enough to support the idea that he was purposely subverting the process.

“However, while unfortunate, the mistakes made were not of a severity that would warrant an immediate dismissal of Kevin Igoe as co-chair. It is also the first such occurrence that I am aware of,” Eggert said in his email.

He also said that because of the way that IRTF groups are constructed, Igoe, as co-chair, doesn’t really have any more influence over the CFRG group’s work than any other participant. Eggert said, however, that the perception that the NSA could be exerting influence over crypto standard development could hamper the group’s work and discourage people from contributing.

“However, would removing Kevin Igoe as a co-chair address this issue? Co-chairs do not wield more power over the content of the ongoing work than other research group participants. Should we then eliminate all individuals affiliated with the NSA from participating? We may be able to identify those that choose to participate openly under that affiliation, but what about consultants or academics that fund their participation partially or fully through NSA contracts, now or in the past? What about participants from or funded by intelligence agencies in other countries that may or may not have collaborated with the NSA?” Eggert said.

Perrin, however, disputed this notion, saying that the idea of co-chairs only serving as glorified secretaries is a flawed one.

“Chairs are responsible for creating agendas, running meetings, deciding when and how to call for consensus, interpreting the consensus, and liaising with other parties. All this gives them a great deal of power in steering a group’s work,” Perrin wrote in his response to Eggert’s email.

Perrin also said that the questions surrounding Igoe’s NSA employment and participation in the CFRG group are serious ones that could have long-term implications for the group and the IETF and IRTF in general.

“Finally, I think Kevin’s NSA affiliation, and the recent revelations of NSA sabotage of a crypto standard, raises issues you did not consider. You did not consider the cloud of distrust which will hang over an NSA-chaired CFRG, and over the ideas it endorses. You also did not consider that as the premier Internet standards organization, the IETF/IRTF’s actions here will make an unavoidable statement regarding the acceptability of such sabotage,” Perrin said.

“We have the opportunity to send a message that sabotaging crypto standards is unacceptable and destroys public trust in those organizations in a way that has real consequences. Or we send a message that it’s no big deal.”

Despite Eggert’s decision, there is still the possibility that the IAB, which is a committee of the IETF, could intervene, or that Igoe could choose to resign on his own.
