On Tue, Aug 19, 2014 at 04:42:07PM -0400, Benjamin Kaduk wrote:

> I, for one, have been trying to do so.
>
> As a case in point, we seem to have some concern that the term
> "authenticated encryption" is poorly defined or confusing or otherwise
> problematic.
>
> In
> https://github.com/kaduk/saag/commit/1e10ebc320d1a4d13dd0c693b07bba2492aa1947
> , I propose to define a new term "authenticated connection" and define
> authenticated and unauthenticated encryption in terms of whether or not
> the encrypted data is transiting an authenticated connection. By
> separating the two security mechanisms, I think that the potential for
> confusion is reduced.

Based on Steve Kent's earlier suggestion, I had updated my
work-in-progress document to avoid the problematic term.

Note, in many cases what we have is "authenticated sessions". Not
all protocols are "connection oriented", and notably TLS supports
session resumption. So "authenticated connection" is perhaps not
optimal. I had used "authenticated encrypted communication" as
suggested, but will see whether that is still needed after further
suggested revisions.

Thanks for the concrete feedback, it is much easier to work with
suggested text than without.

--
Viktor.