> On Mar 6, 2014, at 1:23 AM, Phillip Hallam-Baker <[email protected]> wrote:
>
> The term opportunistic has become the new synonym for 'Good' but it is being
> used for many different things.
>
> A) Unauthenticated key exchange

Fwiw, this is IMO an error since I first introduced BTNS, and I had to clear it up on Wikipedia multiple times. I see nothing opportunistic about this mode as a stand-alone concept. I personally don't think the term applies to the modes listed below either.

One mode you didn't include - that I recall as one of the first uses of the term opportunistic, and remains the only one I associate with the term - is the use of a key before either the key or encryption in general has been negotiated and is not the protocol default. (I.e., a little like B, but more just start using it than an 'upgrade'.)

Joe

> B) Upgrade from plaintext to encrypted without controlling security policy
> requiring use of encryption.
>
> C) Silent-fail on bad credentials
>
> D) Silent-success on bad credentials
>
> There are arguments for all of these but I am just watching a presentation on
> 'opportunistic encryption' in DANE and I think the term is selling DANE short.
>
> DNS is an authoritative path for statements about DNS labels. Ergo
> authenticated DNS RRs are authenticated statements about them. DANE provides
> authenticated statements about security policy and keys. Ergo DANE cannot
> support opportunistic encryption because it is policy directed encryption
> (i.e. better).
>
> --
> Website: http://hallambaker.com/
> _______________________________________________
> saag mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/saag
_______________________________________________
dane mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dane
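The thread contrasts four things the word "opportunistic" gets used for (A: unauthenticated key exchange, B: upgrade from plaintext when offered, C: silent-fail on bad credentials, D: silent-success on bad credentials) with DANE, where a DNSSEC-validated TLSA record is an authenticated statement of policy. The following is an added example, not code from the thread, from BTNS or from any DANE implementation: a small policy evaluator that models those modes as three independent knobs and shows how a validated TLSA record collapses them into a strict policy. Readings of C and D as "abort but only log" and "continue but only log" are my assumption, since the thread gives only the labels; the Peer inputs are constructed, and no DNS or TLS is actually performed.

```python
# Added example, not code from the thread or from any DANE implementation.
# A toy connection-policy evaluator that makes the thread's four "opportunistic"
# modes (A-D) concrete, next to DANE-style policy-directed encryption.
# Assumption: modes C and D are read as "abort but only log" and
# "continue but only log" respectively; the thread gives only the labels.
from dataclasses import dataclass, field
from enum import Enum
from typing import List, Optional


class Encrypt(Enum):
    REQUIRE = "require"        # refuse to talk in the clear
    UPGRADE = "upgrade"        # mode B: use TLS if offered, else stay in plaintext


class Auth(Enum):
    REQUIRE = "require"        # peer must present credentials that validate
    NONE = "none"              # mode A: unauthenticated key exchange


class OnBadCreds(Enum):
    HARD_FAIL = "hard-fail"             # abort and surface the error to the user
    SILENT_FAIL = "silent-fail"         # mode C: abort, but only write a log entry
    SILENT_SUCCESS = "silent-success"   # mode D: continue, but only write a log entry


@dataclass(frozen=True)
class Policy:
    encrypt: Encrypt
    auth: Auth
    on_bad_creds: OnBadCreds


@dataclass(frozen=True)
class Peer:
    offers_tls: bool     # constructed input: did the peer advertise TLS/STARTTLS?
    creds_valid: bool    # constructed input: do its credentials validate under the
                         # method in force (PKIX chain, or TLSA match under DANE)?


@dataclass
class Outcome:
    connected: bool
    encrypted: bool
    authenticated: bool
    user_error: Optional[str] = None      # set only when the failure is surfaced
    log: List[str] = field(default_factory=list)


# The two policies the thread is contrasting.
OPPORTUNISTIC = Policy(Encrypt.UPGRADE, Auth.NONE, OnBadCreds.SILENT_SUCCESS)
STRICT = Policy(Encrypt.REQUIRE, Auth.REQUIRE, OnBadCreds.HARD_FAIL)


def connect(policy: Policy, peer: Peer) -> Outcome:
    """Evaluate one connection attempt under a policy; no network I/O."""
    out = Outcome(connected=False, encrypted=False, authenticated=False)

    if not peer.offers_tls:
        if policy.encrypt is Encrypt.REQUIRE:
            out.user_error = "peer offers no TLS but encryption is required"
            return out
        out.log.append("no TLS offered; continuing in plaintext (mode B)")
        out.connected = True
        return out

    out.encrypted = True
    if policy.auth is Auth.NONE:
        out.log.append("encrypted, but peer identity was not checked (mode A)")
        out.connected = True
        return out

    if peer.creds_valid:
        out.authenticated = True
        out.connected = True
        return out

    # Credentials were presented and failed validation.
    if policy.on_bad_creds is OnBadCreds.HARD_FAIL:
        out.encrypted = False
        out.user_error = "credential validation failed"
        return out
    if policy.on_bad_creds is OnBadCreds.SILENT_FAIL:
        out.encrypted = False
        out.log.append("credential validation failed; dropping silently (mode C)")
        return out
    out.log.append("credential validation failed; continuing anyway (mode D)")
    out.connected = True
    return out


def dane_policy(validated_tlsa_present: bool, local_default: Policy) -> Policy:
    """DANE: a DNSSEC-validated TLSA record is an authenticated statement of
    policy, so it overrides the local default with the strict policy. Without
    one, the client is back to whatever its local default says."""
    return STRICT if validated_tlsa_present else local_default
```

The point the model makes is the one Hallam-Baker is making: with a validated TLSA record, `dane_policy` returns `STRICT`, so a peer with bad credentials is refused with a user-visible error regardless of how lax the client's local default is; only in the no-TLSA case does the client fall back to `OPPORTUNISTIC`, which is where the "opportunistic" label actually belongs.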
