LLMpediaThe first transparent, open encyclopedia generated by LLMs

IETF CFRG

Generated by GPT-5-mini
Note: This article was automatically generated by a large language model (LLM) from purely parametric knowledge (no retrieval). It may contain inaccuracies or hallucinations. This encyclopedia is part of a research project currently under review.
Article Genealogy
Parent: XMPP Standards Foundation Hop 5
Expansion Funnel Raw 97 → Dedup 0 → NER 0 → Enqueued 0
1. Extracted97
2. After dedup0 (None)
3. After NER0 ()
4. Enqueued0 ()
IETF CFRG
NameIETF CFRG
Formation2014
TypeStandards organisation working group
LocationGlobal
Parent organizationInternet Engineering Task Force

IETF CFRG

The IETF CFRG is an Internet Engineering Task Force-focused committee that evaluates and recommends cryptographic primitives for use within IETF protocols. It provides technical review, selection, and guidance for algorithms used in protocols developed by IETF areas such as Internet Architecture Board, Internet Engineering Task Force, Internet Research Task Force, Internet Assigned Numbers Authority, and standards produced by working groups like TLS Working Group and QUIC Working Group. The CFRG interacts with external bodies including National Institute of Standards and Technology, European Union Agency for Cybersecurity, and International Organization for Standardization to harmonize choices across ecosystems.

Overview

The CFRG serves as an expert panel advising IETF on algorithm selection, parameter choices, and security properties for cryptographic algorithms adopted in IETF specifications. It reviews submissions from individuals and groups, issues consensus advice, and coordinates with standards bodies such as Institute of Electrical and Electronics Engineers, International Telecommunication Union, and World Wide Web Consortium. Its remit touches protocols used by projects like BIND, OpenSSL, LibreSSL, GnuTLS, and implementations in platforms including Linux kernel, FreeBSD, Android (operating system), and iOS. By considering guidance from organizations such as Cloudflare, Google LLC, Mozilla Foundation, and Microsoft, the CFRG helps ensure interoperability among deployments like Amazon Web Services, Cloudflare Workers, and Akamai Technologies.

History and Formation

The CFRG was chartered in the 2010s to fill a gap identified by IETF participants who needed a dedicated forum to assess cryptographic primitives for protocol use. Its creation followed discussions at IETF meetings attended by representatives of RSA Security, ECRYPT, ENISA, and academia from institutions such as Massachusetts Institute of Technology, Stanford University, University of Cambridge, and ETH Zurich. Historical influences included cryptographic debates related to protocols like IPsec, Secure Shell, and Transport Layer Security; incidents such as vulnerabilities disclosed in Heartbleed and analysis from research groups at Princeton University and University of California, Berkeley contributed to the impetus for formation.

Responsibilities and Charter

The CFRG's charter enumerates tasks including reviewing algorithm proposals, recommending algorithms for IETF protocol use, and publishing guidance on parameter choices and implementation considerations. It provides liaison to IETF areas including Applications Area, Operations and Management Area, and Security Area and consults with bodies like IANA and Internet Research Task Force groups on allocation matters. The CFRG evaluates submissions referencing work by cryptographers at IBM Research, Bell Labs, SRI International, and independent researchers such as Dan Bernstein, Tanja Lange, and Philip Rogaway to weigh performance, patent status, and resistance to attacks documented by conferences like CRYPTO, EUROCRYPT, and USENIX Security Symposium.

Working Groups and Collaborations

CFRG collaborates with IETF working groups and external consortia to integrate cryptographic guidance into protocol specifications. Regular interactions occur with TLS Working Group, S/MIME Working Group, MIKEY, AKEP2, and transport-focused groups like QUIC Working Group and HTTP Working Group. It also liaises with research and standards organizations such as IACR, NIST, ENISA, and ISO/IEC JTC 1/SC 27; industry consortia including OpenSSL Software Foundation, IETF Hackathon participants, and cloud providers inform practical deployment considerations. CFRG contributors often present at conferences including RSA Conference, Black Hat USA, and NDSS Symposium.

Cryptographic Primitives and Deliverables

CFRG evaluates a range of primitives: public-key schemes like Elliptic-curve cryptography proposals (including curves designed by researchers tied to Curve25519 and Curve448), signature schemes such as variants related to EdDSA, key-exchange mechanisms influenced by Diffie–Hellman key exchange and its elliptic-curve instantiations, symmetric primitives like AES, authenticated encryption modes in the lineage of Galois/Counter Mode, and hashing algorithms including families evolved from SHA-2 and SHA-3. Deliverables include recommended parameters, test vectors, and algorithm identifiers used by implementations like OpenSSL, BoringSSL, LibreSSL, and cryptographic libraries in OpenBSD and NetBSD.

Standards and Publications

The CFRG produces documents in the IETF stream that influence Request for Comments used by IETF working groups and implementers. Outputs include informational and standards-track RFCs, consensus advisories, and design notes referencing academic publications from venues like ACM CCS, IEEE S&P, and Eurocrypt. Notable RFCs emerging from CFRG review have affected protocols such as TLS 1.3, QUIC, and cryptographic identifier registries maintained in collaboration with IANA and the RFC Editor. The CFRG also contributes to registries and param-pages relied upon by implementers in OpenSSL and major browser vendors like Google Chrome, Mozilla Firefox, and Apple Safari.

Security Considerations

Security analysis is central to CFRG work: it assesses resistance to cryptanalysis, side-channel leaks, implementation pitfalls, and transition strategies for algorithm deprecation commonly debated with stakeholders like Cisco Systems, Juniper Networks, and large telecoms such as AT&T and Verizon Communications. The CFRG factors in research results from institutions including Carnegie Mellon University, University of Oxford, and University of Waterloo on post-quantum threats, and coordinates with projects such as the NIST Post-Quantum Cryptography Standardization effort. Recommendations emphasize conservative parameter choices, interoperable test vectors, and migration plans to mitigate vulnerabilities discovered in fields exemplified by incidents like ROBOT and protocol analyses published at IETF meetings.

Category:Internet standards