On Tue, Aug 05, 2014 at 06:14:19PM +0000, Viktor Dukhovni wrote: > On Tue, Aug 05, 2014 at 11:43:02AM -0400, Stephen Kent wrote: > > The bottom line is that a primary > > motivation for OS is a desire to remove barriers to the use of encryption, > > More strongly: > > * Yes at least encrypt when possible, but more generally, > * Avoid needlessly weak options, and finally, > * Strive for stronger security than just unauthenticated encryption, > with any peer for which this is possible. Yes. To be more specific OS must not preclude things like DANE that can be opportunistic and provide strong authentication. It's worth mentioning DNSSEC/DANE because a lot of concerns I've seen stated about OS (indeed, that I myself have stated) go away when one considers the use of DNSSEC for learning how to authenticate a service. (Or, perhaps, such concerns get transmutated into concerns about the lack of compromised/adversarial parent zone MITM detection in DNSSEC.) > Do no forget that during the saag discussion that preceded this > draft, this was one of the main differences between our views, and > that I do not subscribe to the view that opportunistic security is > a narrow response to PM or that it should be limited to promoting > just unauthenticated encryption. More than that: why should OS stop there? > > and removing the need for authentication based on certificates is a good way > > to do this. > > Not "removing", rather "not requiring". We lower the floor, > but not the ceiling of the range of acceptable protections. More +1. And, really, +1 to the rest of Viktor's response. Nico --