On 8/6/2014 5:24 AM, Stephen Farrell wrote:
> Hierarchy isn't the right concept here.
>
> There are different states that might result after some
> opportunistic security steps are taken in a protocol.
...
> There are also interactions between all the above and the
> particular protocol we're trying to secure,
...
> It's very important to note that there isn't even a partial
> order of the various end states on which we can always
> generically agree, never mind a full ordering.

Stephen,

All of the above means that this term is for use only by security experts, since it makes the term unwieldy for use by anyone else.

I'll also note that the draft says nothing like the above. That should bother you, and everyone else.

Worse, the different responses from folks who have been active in the discussion and who try to explain the term show different understandings/meanings. Still. After all this time and discussion.

For the term to be useful, it MUST have a simple meaning that is shared amongst its users. Otherwise, we are through the looking glass.

Initially, the saag discussion used the term opportunistic encryption. It took a while for an objection to be raised, claiming that the term was already taken. (I'll observe that, by my reading, the pre-existing use is a subset of the functionality currently under discussion and that the simplest and most productive path would have been merely to revise that existing definition a bit, to be only a bit broader.)

The only "end-to-end" protection function that has been seriously discussed is confidentiality through encryption. All other protections really have no concrete basis in practice or even in discussion focus, within the context of this 'opportunistic' framework.

Of the various terms that were originally suggested, the one that has the simplest, clearest and most useful meaning is "best effort".

Opportunistic is clearly a much sexier word, but the continuing lack of coherent community understanding of its meaning makes it problematic. At the least, it means that it will not be particularly intuitive for the rest of the world.

In contrast, best effort is a commonly used term and it means exactly what is at issue here, as the common thread to everyone's attempted explanations.

To the extent that folks really can't abide having the term be focused specifically on encryption, then focus on the functional component that is also common to everyone's explanations: key management. How the key is administered is the essence of what the current topic is focused on.

Best Effort Key Management is horribly unsexy, but is wonderfully clear and from the mass of different attempts to explain the topic, it is exactly what is of concern here.

However, key management is rather esoteric, which limits who will understand the implications.

So: Best Effort Encryption would equally be clear and give a sense of the protection at issue.

d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net