Best Effort Key Management (was Re: [saag] Last Call: <draft-dukhovni-opportunistic-security-01.txt>

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 8/6/2014 5:24 AM, Stephen Farrell wrote:
> Hierarchy isn't the right concept here.
> 
> There are different states that might result after some
> opportunistic security steps are taken in a protocol.
...
> There are also interactions between all the above and the
> particular protocol we're trying to secure, 
...
> Its very important to note that there isn't even a partial
> order of the various end states on which we can always
> generically agree, never mind a full ordering. 


Stephen,

All of the above means that this term is for use only by security
experts, since it makes the term unwieldy for use by anyone else.

I'll also note that the draft says nothing like the above.  That should
bother you, and everyone else.

Worse, the different responses from folks who have been active in the
discussion and who try to explain the term show different
understandings/meanings.  Still.  After all this time and discussion.

For the term to be useful, it MUST have a simple meaning that is shared
amongst its users.  Otherwise, we are through the looking glass.

Initially, the saag discussion used the term opportunistic encryption.
It took awhile for an objection to be raised, claiming that the term was
already taken.  (I'll observe that, by my reading, the pre-existing use
is a subset of the functionality currently under discussion and that the
simplest and most productive path would have been merely to revise that
existing definition a bit, to be only a bit broader.)

The only "end-to-end" protection function that has been seriously
discussed is confidentiality through encryption.  All other protections
really have no concrete basis in practice or even in discussion focus,
within the context of this 'opportunistic' framework.

Of the various terms that were originally suggested, the one that has
the simplext, clearest and most useful meaning is "best effort".
Opportunistic is clearly a much sexier word, but the continuing lack of
coherent community understanding of its meaning makes it problematic. At
the least, it means that it will not be particularly intuitive for the
rest of the world.

In contrast, best effort is a commonly used term and it means exactly
what is at issue here, as the common thread to everyone's attempted
explanations.

To the extent that folks really can't abide having the term be focused
specifically  on encryption, then focus on the functional component that
is also common to everyone's explanations:  key management.  How the key
is administered is the essence of what the current topic is focused on.

   Best Effort Key Management

is horribly unsexy, but is wonderfully clear and from the mass of
different attempts to explain the topic, it is exactly what is of
concern here.

However key management is rather esoteric, which limits who will
understand the implications.  So:

   Best Effort Encryption

would equally be clear and give a sense of the protection at issue.



d/

-- 
Dave Crocker
Brandenburg InternetWorking
bbiw.net





[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]