On Sat, 16 Aug 2014, John Wroclawski wrote: > Oh *man* I’m going to regret this. > > Hi. Jumping randomly into this conversation from the point of view of > someone who is fascinated by the dynamics but, yes, _has not read the > draft_, I’d like to observe something. > > On Aug 15, 2014, at 2:14 PM, Viktor wrote: > > >> <D. Crocker’s definition: > >> > >> [D. Crocker] Opportunism is the flexibility to use less-stringent protection, > >> when stronger protection is not possible. > > > > This is a definition of something else. That something is not the > > subject of the draft. […] > > > > The subject is introducing the OS design pattern. The OS design > > pattern as introduced, is to set a least common denominator baseline > > (crypto)security policy (that might well be cleartext) and from > > there do better whenever possible for each peer. > > From my point of view, these two wordings are indistinguishable. Setting > a least common denominator and doing better whenever possible *is* using > less-stringent protection when stronger protection is not available. I > understand there’s nuance, relating to per-peer (which I think everyone > agrees with), to the multiple dimensions of protection, and to whether > “none” is a variant of “least” or not. But IMO, fundamentally these two > sentences say the same thing. If the intent is that they don’t, *very* > different words may be needed. [trimmed the other example] Perhaps the part that is missing is what Ted was referencing, namely the unstated goal that the baseline can be raised over time, after gradual adoption of the better-protection options has reached a sufficient proportion of the population such that the downside of increasing the baseline is minimal. -Ben