Re: [saag] Last Call: <draft-dukhovni-opportunistic-security-01.txt> (Opportunistic Security: some protection most of the time) to Informational RFC


 



On Tue, Aug 05, 2014 at 06:04:52PM -0700, Dave Crocker wrote:

> So while use of DANE has some interesting differences from using a
> classic CA-based key, using it as a basis for encryption ought to
> qualify as fairly straightforward authenticated encryption.
> 
> That doesn't seem at all 'opportunistic' to me.

It is when authentication is then used *only* with peers that
publish TLSA RRs and not with peers that don't.  You get opportunistic
authentication, which is employed when possible (or at least promised
by the peer system's DNS administrator) and not otherwise.

See:

    https://tools.ietf.org/html/draft-ietf-dane-smtp-with-dane-11

-- 
	Viktor.
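
Added example, not part of the original message or of the linked draft: a minimal Python sketch of the per-peer policy described above, where authentication is enforced only for peers with validated TLSA RRs. The names (`Dnssec`, `Level`, `select_level`, `plan`), the sample peers and the choice to defer on a failed lookup or a missing STARTTLS are assumptions made for illustration.

```python
from enum import Enum

class Dnssec(Enum):
    SECURE = "secure"      # answer (or denial of existence) validated
    INSECURE = "insecure"  # peer's zone is unsigned
    BOGUS = "bogus"        # validation or lookup failed

class Level(Enum):
    DANE_AUTHENTICATED = "TLS required, peer checked against TLSA"
    UNAUTHENTICATED_TLS = "TLS if offered, peer not checked"
    CLEARTEXT = "no TLS available"
    DEFER = "do not deliver now"

def select_level(status, tlsa_rrs, starttls_offered):
    """Pick the security level for one peer from what its DNS promises."""
    if status is Dnssec.BOGUS:
        # Cannot tell whether TLSA RRs exist; guessing "none" would let an
        # attacker who breaks the lookup switch authentication off.
        return Level.DEFER
    if status is Dnssec.SECURE and tlsa_rrs:
        # The peer's DNS administrator promised authenticated TLS, so a
        # missing STARTTLS is treated as a downgrade, not as "no TLS".
        return Level.DANE_AUTHENTICATED if starttls_offered else Level.DEFER
    # No validated TLSA RRs: nothing was promised, so nothing is enforced.
    return Level.UNAUTHENTICATED_TLS if starttls_offered else Level.CLEARTEXT

# Constructed sample peers: (name, DNSSEC status, TLSA RRs, STARTTLS offered)
PEERS = [
    ("mx.signed.example", Dnssec.SECURE, ["3 1 1 <digest placeholder>"], True),
    ("mx.stripped.example", Dnssec.SECURE, ["3 1 1 <digest placeholder>"], False),
    ("mx.unsigned.example", Dnssec.INSECURE, [], True),
    ("mx.legacy.example", Dnssec.INSECURE, [], False),
    ("mx.broken.example", Dnssec.BOGUS, [], True),
]

def plan(peers=PEERS):
    """Map each sample peer to the level a sender would use for it."""
    return {name: select_level(s, rrs, tls) for name, s, rrs, tls in peers}

if __name__ == "__main__":
    for name, level in plan().items():
        print(f"{name:22} {level.name}")
```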




