On Fri, 15 Aug 2014, Paul Wouters wrote: > On Fri, 15 Aug 2014, Viktor Dukhovni wrote: > > > On Fri, Aug 15, 2014 at 03:01:59PM -0400, Paul Wouters wrote: > > > > > Background Encryption ? > > > Preemptive Encryption ? > > > Preventive Encryption ? > > > Preventative Encryption ? > > > Countermeassure Encryption ? > > > Remedial Encryption ? > > > > This boat has sailed: > > > > TLS -> TLE: Transport Layer Encryption? > > IPsec -> IPenc: IP encryption? > > SSH -> ESH: Encrypted SHell? > > HTTPS -> HTTPE: HTTP over TLE? > > ... > > All these four protocols require AUTHENTICATION plus ENCRYPTION. Thus > there have a legitimate reason to call it security and not just > encryption. > > > Let's talk about the substance of the draft. > > This draft proposes encryption in the possible absence of > authentication. While I can call it privacy or encryption, That is not an accurate summary of the proposals made by the draft. The draft proposes to use what tools are available to do the best you can. If the peer you're talking to has configured DANE records that you can retrieve via DNSSEC, then you can authenticate that particular connection, securely. A protocol that performs such a lookup and authenticates that connection is an opportunisticly secure protocol, because it does not require that all connections have that lookup succeed -- the authentication is performed opportunisticaly, when it is possible. That is not to say that the draft is perfect; I have not finished a detailed read of the -03, and there are certainly things that could be improved. Failing to do more than cover encryption is not one of them. -Ben