Re: Review of: Opportunistic Security -03 preview for comment

On 16/08/14 00:44, Fred Baker (fred) wrote:
> 
> On Aug 15, 2014, at 4:38 PM, Dave Crocker <dhc@xxxxxxxxxxxx> wrote:
> 
>> It never occurred to me -- and I don't believe I have seen
>> community support for the idea -- that no encryption is reasonable
>> to count as a form of encryption.
> 
> We could discuss ESP-NULL. While I would not agree that it is a form
> of encryption, it is a defined algorithm with respect to IPsec ESP.
> It is usually discussed in the context of authentication, as a
> replacement for ESP-AH.

Actually I don't think we need to go there.

Opportunistic security (OS) is not a form of encryption.

Nor is no-encryption a form of encryption.

OS, according to the draft, is a protocol design pattern that
can result in the use of encryption or that can result in the
use of no-encryption.

That does not make no-encryption a form of encryption.

Both are potential outcomes when a protocol is designed according
to the OS pattern. In other words when a protocol uses the
OS pattern then stuff (e.g. in-band negotiation or whatever)
happens and the end result is the protocol endpoints have a
security configuration (whether to encrypt or not and in the
former case, how) for this "run" of the protocol.

Done well, we'd all hope that no-encryption is a rare outcome,
but we can't rule it out, says the draft.

S.








