Re: [saag] Last Call: <draft-dukhovni-opportunistic-security-01.txt> (Opportunistic Security: some protection most of the time) to Informational RFC

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, 6 Aug 2014, Stephen Kent wrote:

4. The term "collection" is generally defined as passive wiretapping, so encryption
suffices, irrespective of using other security services.

I think that the term or usage of the term will need to be updated in that
case since we have been made aware of the efforts of massively storing
encrypted traffic for later decryption (note the leaks regarding pptp
and weak IKE PSK's in particular)

Encryption is not "sufficient" to protect against "collection". It only
raises the costs for the collector to decrypt it.  Pervasive monitors
in fact, _especially_ collect encrypted communications for later processing.

12. Saying that an OS-capable peer may demand more than unauthenticated encryption does
conflict with the stated goal of not requiring coordination (between  administrators). I think
this is an example of trying to make the term OS all encompassing.

Well, the term "opportunistic security" surely feels more encompassing
compared to "opportunistic encryption". If we are only talking about
encryption, don't call it security.

Paul





[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]