On 8/15/2014 1:15 PM, Paul Wouters wrote:
> On Fri, 15 Aug 2014, Dave Crocker wrote:
>
>>>> If authentication is required, we have classic authenticated
>>>> encryption,
>>>> not opportunistic <foo>.
>>>
>>> Again no, you're still reading what you would have said, rather
>>> than what the draft actually says.
>>
>> Viktor, that is your second statement commenting on my behavior.
>>
>> Please stop commenting on what I am doing. And especially do not
>> comment on my reading skills or performance.
>
> I don't believe Viktor is making such a statement on your behaviour.
We disagree. Worse, the 'response pattern' has been repeated across a
number of notes. It's ad hominem, mixed with out-of-hand dismissal.
> The draft's definition of opportunism is "encrypt where possible, even
> without authentication, but mandate authenticated encryption when
> advertised".
It does not say the first part, though that language looks quite good to me.
The second part isn't opportunisticx. If authenticated is mandated,
there is nothing to be opportunistic about. If mandated is included in
opportunistic, then there is no actual meaning to the term other than
something trivial like "we like encryption".
> While you seem to be saying opportunism is "In absence of
> mandated authenticated encryption, try to use unauthenticated
> encryption".
My definition:
Opportunism is the flexibility to use less-stringent protection,
hen stronger protection is not possible.
> What Viktor is saying is that the parapraph in question makes sense
> using his interpretation of the definition, and does not make sense
> with your interpretation of the definition.
>
> Clearly we have work to do to ensure there is only one interpreation of
> the definition.
Yup.
d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net