Re: [saag] Last Call: <draft-dukhovni-opportunistic-security-01.txt> (Opportunistic Security: some protection most of the time) to Informational RFC

On Jul 30, 2014, at 1:15 PM, Stephen Kent <kent@xxxxxxx> wrote:

Martin,
On 30 July 2014 08:54, Stephen Kent <kent@xxxxxxx> wrote:
I would say:
"OS strives to greatly broaden the use of encryption in IETF protocols,
to combat PM. To facilitate incremental deployment, OS operates in
a fashion that may result in a plaintext connection/session."

That's a good description of OE, but wasn't the whole point of using
OS as the term to cover other opportunistic mechanisms, like maybe
opportunistic authentication (which I just invented, but I hope is
self-explanatory).

I don't think so.

Perhaps not, but it sounds a bit too binary for my taste. Without proposing an alternative (sorry!) I'd want it clearer that there may be an increasing number of multiple interoperable modes and a session should use the "best" one that can be agreed on.

As others have pointed out "best" may be ill-defined and you might need to trade e.g. better authentication against better encryption. I'm perfectly happy to leave the value function undefined, and I think we should be able to make the general principle clear.

Personal email.  hbhotz@xxxxxxx
