LLMpediaThe first transparent, open encyclopedia generated by LLMs

IETF Crypto Forum Research Group

Generated by GPT-5-mini
Note: This article was automatically generated by a large language model (LLM) from purely parametric knowledge (no retrieval). It may contain inaccuracies or hallucinations. This encyclopedia is part of a research project currently under review.
Article Genealogy
Parent: Domain Name System Security Extensions Hop 4
Expansion Funnel Raw 111 → Dedup 0 → NER 0 → Enqueued 0
1. Extracted111
2. After dedup0 (None)
3. After NER0 ()
4. Enqueued0 ()
IETF Crypto Forum Research Group
NameIETF Crypto Forum Research Group
AbbreviationCFRG
Formation2014
PurposeCryptographic research and guidance for Internet protocols
RegionGlobal
Parent organizationInternet Engineering Task Force

IETF Crypto Forum Research Group

The IETF Crypto Forum Research Group provides a venue for cryptographers, protocol designers, and engineers to discuss cryptographic choices for Internet standards, fostering collaboration between Internet Engineering Task Force, Internet Research Task Force, National Institute of Standards and Technology, European Telecommunications Standards Institute, Internet Architecture Board, and vendors such as Cisco Systems and Google LLC. It serves as a bridge among researchers from Massachusetts Institute of Technology, Stanford University, University of California, Berkeley, ETH Zurich, and practitioners from Mozilla Foundation, Cloudflare, Inc., Microsoft Corporation, and Amazon Web Services to align on algorithms, implementation guidance, and migration strategies. The group organizes technical discussions that involve participants from IETF Working Group, RFC Editor, OpenSSL Software Foundation, LibreSSL, and academic conferences such as CRYPTO, Eurocrypt, RSA Conference, and ACM CCS.

Overview

The group operates within the Internet Engineering Task Force ecosystem alongside entities like the Internet Research Task Force, IETF Working Group, RFC Editor, Internet Architecture Board, and standards bodies such as 3rd Generation Partnership Project, IANA, and World Wide Web Consortium. It convenes cryptographers affiliated with University of Cambridge, Princeton University, University of Illinois Urbana-Champaign, Carnegie Mellon University, and companies like Apple Inc., Facebook, Inc., and Akami Technologies to assess algorithm suitability for protocols including those developed by Transport Layer Security Working Group, QUIC Working Group, HTTP Working Group, and DNS Privacy Working Group. Discussions often reference results from conferences such as ASIACRYPT, Eurocrypt, IACR, and workshops like NordSec and Real World Crypto Symposium.

History and Formation

The formation traces to cross-cutting needs highlighted during debates among IKE Working Group, TLS Working Group, DNSSEC Working Group, and stakeholders from OpenSSL and GnuTLS Project, prompting coordination between the IETF and research communities represented at USENIX Security Symposium and Black Hat USA. Early contributors included researchers from Microsoft Research, Google Research, NIST, and SRI International, and practitioners from Juniper Networks and Verisign, Inc.. Milestones in its history align with the publication of guidance influencing RFC 8446, responses to advances from Shor's algorithm research presented in Quantum Information Processing venues, and algorithm selections discussed alongside NIST Post-Quantum Cryptography Standardization.

Objectives and Scope

The group's charter focuses on reviewing cryptographic algorithms, advising on parameter choices, and providing implementation guidance for Internet protocols developed by IETF Working Groups such as TLS Working Group, QUIC Working Group, and DNS PRIVATION Working Group. It aims to synthesize findings from CRYPTO, EUROCRYPT, FSE Workshop, and systematic analyses by institutions like NIST and ENISA to inform standards produced by bodies including IEEE Standards Association and ETSI. The scope includes public-key algorithms, symmetric primitives, hashing, key derivation, and post-quantum transitions discussed with researchers from IBM Research, Alibaba Group, and Zcash Company.

Activities and Outputs

Activities include mailing-list debates, in-person meetings at IETF Meetings, presentations at Real World Crypto Symposium, and drafting of documents that influence RFC publications, guidance similar to outputs from RFC Editor processes, and implementation notes for libraries such as OpenSSL, BoringSSL, and mbed TLS. Outputs comprise selection recommendations for elliptic curves, cipher suites, key sizes, and randomness requirements informed by literature from IACR ePrint Archive, analyses by Dan Bernstein, Tanja Lange, Nick Sullivan, and others who publish in venues like Cryptology ePrint Archive and IEEE Symposium on Security and Privacy. The group also issues advisories that practitioners at Cloudflare, Fastly, and Akamai Technologies use during deployments.

Organizational Structure and Membership

The group is an IRTF-style research group hosted under the Internet Research Task Force with chairs, a mailing list, and open participation policies similar to other IETF fora. Membership spans academics from University of Oxford, EPFL, University of Waterloo, and industry engineers from Intel Corporation, ARM Holdings, Qualcomm Incorporated, and open-source maintainers from OpenSSL Project and LibreSSL. Liaison relationships exist with NIST, ENISA, 3GPP, and standards teams at Google, Mozilla, and Apple to coordinate algorithmic guidance for protocols like TLS, QUIC, DNS-over-HTTPS, and SSH.

Notable Contributions and Impact

The group contributed to community consensus on curve selections used in RFC 7748 and influenced parameter choices reflected in RFC 8439 and RFC 7634-style recommendations, aiding deployments by Cloudflare, Google, and Mozilla. It has shaped migration strategies aligned with NIST Post-Quantum Cryptography Standardization recommendations, helped evaluate hybrid key-exchange approaches cited in protocol specifications used by Facebook, LinkedIn, and Twitter, Inc., and informed guidance used by implementers of OpenSSH and LibreSSL. Outputs have been cited in presentations at IETF Meetings, Real World Crypto, and workshops co-located with RSA Conference.

Criticisms and Challenges

Critics point to the difficulty of reconciling academic results from CRYPTO and Eurocrypt with rapid deployment pressures faced by Cloudflare, Google, and Facebook, Inc., and to challenges coordinating with standardization timelines at IETF Working Groups, NIST, and 3GPP. Other concerns include representation balance between contributors from North America, Europe, and Asia, integration of post-quantum proposals influenced by submissions to NIST Post-Quantum Cryptography Standardization, and the tension between conservative guidance and innovation advocated by researchers from University of Illinois, Tel Aviv University, and Weizmann Institute of Science.

Category:Internet standards organizations