On Thu, Aug 07, 2014 at 11:07:34AM -0500, Nico Williams wrote:

> IIRC it derived from wanting no UI impact from OS.

I've seen no compelling rationale for that either. The less said
about the UI the better; we aren't experts even about the UIs of
specific applications, let alone about the UIs of a family of
protocols sharing some common security features.

The draft's "no misrepresentation" language is about as far as one
might reasonably venture in that direction. For example, in Postfix
logs (the closest thing in an MTA to a UI), DANE authenticated
delivery is logged as authenticated delivery, in much the same
manner as authenticated delivery via a trust chain from a public CA,
or a statically configured public key fingerprint.

Representing opportunistically DANE authenticated transactions as
secure may be the right choice for an MTA, but need not be the right
choice for a web browser. The draft should, I think, be silent on UI
issues.

Therefore, I think a UI argument against admitting authenticated
modes of operation in the umbrella term is not appropriate.

-- 
Viktor.