On Tue, 5 Aug 2014, Nico Williams wrote:
To be more specific OS must not preclude things like DANE that can be
opportunistic and provide strong authentication.
Do no forget that during the saag discussion that preceded this
draft, this was one of the main differences between our views, and
that I do not subscribe to the view that opportunistic security is
a narrow response to PM or that it should be limited to promoting
just unauthenticated encryption.
More than that: why should OS stop there?
Aren't these two comments of contradicting? First you say authenticated
encryption is not opportunistic security, then you say that OS should
be more then just unauthenticated encryption and should not stop there?
Paul