Re: [saag]: Review of: Opportunistic Security -03 preview for comment

Oh *man* I’m going to regret this.

Hi. Jumping randomly into this conversation from the point of view of someone who is fascinated by the dynamics but, yes, _has not read the draft_, I’d like to observe something.

On Aug 15, 2014, at 2:14 PM, Viktor wrote:

>> <D. Crocker’s definition:
>> 
>>     [D. Crocker] Opportunism is the flexibility to use less-stringent protection,
>> when stronger protection is not possible.
> 
> This is a definition of something else.  That something is not the
> subject of the draft. […]
> 
> The subject is introducing the OS design pattern.  The OS design
> pattern as introduced, is to set a least common denominator baseline
> (crypto)security policy (that might well be cleartext) and from
> there do better whenever possible for each peer.

From my point of view, these two wordings are indistinguishable. Setting a least common denominator and doing better whenever possible *is* using less-stringent protection when stronger protection is not available. I understand there’s nuance, relating to per-peer (which I think everyone agrees with), to the multiple dimensions of protection, and to whether “none” is a variant of “least” or not. But IMO, fundamentally these two sentences say the same thing. If the intent is that they don’t, *very* different words may be needed.


Similarly,

On Aug 15, 2014, at 1:48 PM, Pete Resnick <presnick@xxxxxxxxxxxxxxxx> wrote:

> Hatless...
> 
> […]
> Opportunism here is to take the opportunity to do the *best* encryption you can do. If the other end advertises authenticated encryption, you take the opportunity to do authenticated encryption. If that's unavailable but you can do unauthenticated encryption, that's the best you can do and you opportunistically do that. […]
> 
>> [Crocker, again] Opportunism is the flexibility to use less-stringent protection, when stronger protection is not possible.
>>   
> Using less-stringent protection when stronger protection is not available is not an "opportunity". It's a compromise. 


Again, to my mind there is *no difference* between the words “If X is unavailable but you can do Y, that's the best you can do and you opportunistically do that” and the words “Using less-stringent protection when stronger protection is not available …”, yet in one case it’s being given as an example and in the other case it’s being stated as an incorrect non-example. “This won’t do”, as they say.

To be clear: I am not at all meaning to pick on Viktor or Pete or Dave specifically. But I thought it might be useful to mention that from the perspective of someone who’s randomly walked into the back of the virtual room and is trying to understand things just from the emails, you guys are saying exactly the same thing, and then claiming you aren’t.

cheers
john








