On Tue, Aug 05, 2014 at 06:04:52PM -0700, Dave Crocker wrote:

> So while use of DANE has some interesting differences from using a
> classic CA-based key, using it as a basis for encryption ought to
> qualify as fairly straightforward authenticated encryption.
>
> That doesn't seem at all 'opportunistic' to me.

It is when authentication is then used *only* with peers that publish
TLSA RRs and not with peers that don't. You get opportunistic
authentication, which is employed when possible (or at least promised by
the peer system's DNS administrator) and not otherwise. See:

https://tools.ietf.org/html/draft-ietf-dane-smtp-with-dane-11

--
Viktor.
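The decision Viktor describes, authenticate only the peers whose DNS administrator published (DNSSEC-signed) TLSA records and fall back to unauthenticated, opportunistic TLS for everyone else, can be shown as a small policy function. The following Python is an added illustration and is not code from the thread, from the draft, or from any MTA. It assumes the caller has already done the TLSA lookup through a validating resolver and reports its state as "secure", "insecure" or "bogus"; the "encrypt" fallback (records exist but none are usable by an MTA, so TLS is required but cannot be authenticated) mirrors Postfix's behaviour and is an assumption here rather than something the message states. The certificate and key bytes are constructed stand-ins, not real DER, and the DANE-TA(2) branch only compares the TLSA data against the presented chain; verifying the signature path from the leaf to the matched certificate is left to the TLS library.

```python
import hashlib
from dataclasses import dataclass
from typing import List, Sequence, Tuple

@dataclass(frozen=True)
class TLSA:
    """One TLSA RR: usage, selector, matching type, certificate association data."""
    usage: int     # 0 PKIX-TA, 1 PKIX-EE, 2 DANE-TA, 3 DANE-EE
    selector: int  # 0 full certificate, 1 SubjectPublicKeyInfo
    mtype: int     # 0 exact, 1 SHA-256, 2 SHA-512
    data: bytes

def usable(rr: TLSA) -> bool:
    # MTA-to-MTA mail has no agreed set of public CAs, so the PKIX usages
    # (0 and 1) are not usable; only DANE-TA(2) and DANE-EE(3) with known
    # selector/matching-type values count.
    return rr.usage in (2, 3) and rr.selector in (0, 1) and rr.mtype in (0, 1, 2)

def tls_policy(tlsa_rrset: Sequence[TLSA], dns_status: str) -> str:
    """Choose the TLS security level for an MX host from its TLSA lookup.

    dns_status is 'secure' (DNSSEC-validated), 'insecure' (unsigned zone)
    or 'bogus' (validation failed).  Returns one of:
      'defer'   -> do not connect now; a bogus answer is a temporary failure
      'dane'    -> TLS mandatory, certificate must match a TLSA RR
      'encrypt' -> TLS mandatory but unauthenticated (assumption: records
                   exist but none are usable; Postfix-style fallback)
      'may'     -> opportunistic, unauthenticated TLS, cleartext allowed
    """
    if dns_status == "bogus":
        return "defer"
    if dns_status != "secure" or not tlsa_rrset:
        # Nothing validated to authenticate against: this is the peer that
        # "doesn't publish TLSA RRs", so encryption stays opportunistic.
        return "may"
    if any(usable(rr) for rr in tlsa_rrset):
        return "dane"
    return "encrypt"

def assoc_data(cert_der: bytes, spki_der: bytes, selector: int, mtype: int) -> bytes:
    """Compute the certificate association data a TLSA RR is compared against."""
    blob = cert_der if selector == 0 else spki_der
    if mtype == 0:
        return blob
    if mtype == 1:
        return hashlib.sha256(blob).digest()
    return hashlib.sha512(blob).digest()

def dane_match(tlsa_rrset: Sequence[TLSA], chain: List[Tuple[bytes, bytes]]) -> bool:
    """chain: presented certificates as (cert_der, spki_der), leaf first.

    DANE-EE(3) must match the leaf; DANE-TA(2) must match an issuer in the
    presented chain (the caller must still have the TLS library check that
    the leaf actually chains to that issuer).
    """
    leaf = chain[0]
    for rr in tlsa_rrset:
        if not usable(rr):
            continue
        candidates = [leaf] if rr.usage == 3 else chain[1:]
        for cert_der, spki_der in candidates:
            if assoc_data(cert_der, spki_der, rr.selector, rr.mtype) == rr.data:
                return True
    return False

def evaluate(tlsa_rrset: Sequence[TLSA], dns_status: str,
             chain: List[Tuple[bytes, bytes]]) -> Tuple[str, bool]:
    """Return (level, proceed): whether the session may go ahead at that level."""
    level = tls_policy(tlsa_rrset, dns_status)
    if level == "defer":
        return level, False
    if level == "dane":
        return level, dane_match(tlsa_rrset, chain)
    return level, True  # 'may'/'encrypt': TLS, if negotiated, is not authenticated

# Constructed sample data (not real DER): stands in for the certificate an
# MX host presents, its issuer, and the public keys inside them.
LEAF_CERT = b"constructed-leaf-certificate"
LEAF_SPKI = b"constructed-leaf-spki"
ISSUER_CERT = b"constructed-issuer-certificate"
ISSUER_SPKI = b"constructed-issuer-spki"
CHAIN = [(LEAF_CERT, LEAF_SPKI), (ISSUER_CERT, ISSUER_SPKI)]

# "3 1 1": DANE-EE, SPKI, SHA-256, the form the draft recommends.
EE_RRSET = [TLSA(3, 1, 1, hashlib.sha256(LEAF_SPKI).digest())]
# "2 0 1": DANE-TA pinning the full issuer certificate.
TA_RRSET = [TLSA(2, 0, 1, hashlib.sha256(ISSUER_CERT).digest())]
# Only a PKIX usage published: records exist but none are usable by an MTA.
PKIX_ONLY_RRSET = [TLSA(1, 1, 1, hashlib.sha256(LEAF_SPKI).digest())]
# A stale record left behind after a key rollover.
STALE_RRSET = [TLSA(3, 1, 1, hashlib.sha256(b"constructed-old-key").digest())]

if __name__ == "__main__":
    for name, rrset, status in [("no TLSA", [], "secure"),
                                ("unsigned zone", EE_RRSET, "insecure"),
                                ("3 1 1", EE_RRSET, "secure"),
                                ("stale 3 1 1", STALE_RRSET, "secure"),
                                ("PKIX only", PKIX_ONLY_RRSET, "secure"),
                                ("bogus", EE_RRSET, "bogus")]:
        print(name, evaluate(rrset, status, CHAIN))
```

The two cases that make the "opportunistic" label fit are the first two: an empty answer and an unsigned answer both yield "may", so the client still encrypts when the peer offers STARTTLS but authenticates nothing. Only a DNSSEC-validated, usable TLSA RRset switches the client to "dane", where a certificate that matches no record (the stale-key row) is a hard failure rather than a silent downgrade.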