> so says the man with how many RFCs and other publications to his credit?

that is very ad hominem. I fail to see the relevance of the question.

are you capable of formulating a better argument?

Lloyd Wood
http://about.me/lloydwood
you say crypto, I think cryptosporidium

________________________________________
From: ietf <ietf-bounces@xxxxxxxx> on behalf of Stephen Kent <kent@xxxxxxx>
Sent: Saturday, 23 August 2014 6:04:53 AM
To: saag@xxxxxxxx; ietf@xxxxxxxx
Subject: Re: [saag] DANE should be more prominent (Re: Review of: Opportunistic Security -03 preview for comment)

Ian,

> On 20/08/2014 16:03 pm, Stephen Kent wrote:
>> Ben,
>>
>> You noted my use of the phrase "Opportunistic Crypto-Security" instead
>> of "Opportunistic Security."
>> I made the change after someone else suggested it as a more precise
>> description of what we're
>> doing,
> It's not more precise, it's either a distinction of no difference or a
> mistake.

so says the man with how many RFCs and other publications to his credit?

> What we are doing is Opportunistic Security. That is, we are securing
> the users' interests using an opportunistic approach.
>
> We are then applying this approach to protocols. Now, obviously, when
> we are doing protocols, most security ends up being crypto in nature.

a lot of security is not at all crypto-based: non-IPsec firewalls, IDS's, ...

> So in this sense of high-level viewpoint, the distinction is no
> distinction, OS is crypto-security.

I agree that what we are discussing is crypto security. I am not wedded to
the OCS name alternative; I proposed OS and someone else suggested OCS.

> But, at a more detailed level, this simplification is reversed:
> sometimes we come across a technique that isn't crypto-related. For
> example, TOFU. This is based on the limited time/space window, the
> knowledge of the human operators, and the economics of attacking every
> possibility all the time.

TOFU is a key management mechanism, i.e., it is used to distribute a public
key, which is then cached along with the proffered ID. I'd say that any key
management mechanism is crypto-related.

> TOFU is not crypto, yet it is OS.

TOFU is one key management mechanism that MAY be part of an OS solution.
DANE is another; unauthenticated Diffie-Hellman is another, ...

> So, by saying crypto-security we are in danger of eliminating one of our
> best and most successful techniques [0]. And, as we are talking
> opportunistically, we indeed want to not be so prejudicial. We'll take
> a benefit where we find it.

we disagree on whether TOFU is crypto-related.

> and because it has the advantage of being represented by an
> acronym that isn't so common
> (OCS vs. OS) in our arena.

yes.

> Yeah, overloading is nice to avoid, but not essential. How about
> opp-sec? Or if someone points out a clash with operational security,
> then oppo-sec.

opp-sec is not an acronym, so I don't see the parallel.

Steve