Hi, Steve,

On 3/11/2014 2:53 PM, Stephen Kent wrote:
> Joe,
>
>> On Mar 6, 2014, at 1:23 AM, Phillip Hallam-Baker wrote:
>>
>>> The term opportunistic has become the new synonym for 'Good' but it
>>> is being used for many different things.
>>>
>>> A) Unauthenticated key exchange
>>
>> Fwiw, this is IMO an error since I first introduced BTNS, and I had to
>> clear it up on Wikipedia multiple times. I see nothing opportunistic
>> about this mode as a stand-alone concept.
>
> The original use of the term appears to be from RFC 4322, Michael
> Richardson's document. He describes how to use keys retrieved from
> the DNS with IPsec/IKE, without prior, bilateral arrangements for
> access control, via the SPD. He defined OE that way, and noted that
> it was not an unauthenticated mode of IPsec.

RFC4322 defines OE.

Section 1.2 describes "anonymous encryption" which is basically unauthenticated key exchange.

From later in that section:

   Although it is a useful mode, anonymous encryption is not the goal of
   this project.

Michael and I discussed the difference between the two (OE and anonymous encryption) on many occasions, and I don't think either of us ever confused the two (though someone who edited Wikipedia did once). The sentence above confirms that, AFAICT.

> I prefer that we stick
> with that definition of the term, which is IPsec-specific.

I'm not quite sure what term or what definition you're referring to: OE, anonymous encryption, or unauthenticated key exchange. Can you clarify?

> I have
> suggested "opportunistic keying" as a preferred term, since it's the
> key management, not the encryption per se, that distinguishes other
> proposed modes of operation for IPsec, TLS, etc.

I agree if you're replacing OE with OK ;-)

> The breakout group at the STRINT workshop that discussed terminology
> suggested using the term noted above.

Sorry, but to clarify, which term?

Joe

_______________________________________________
dane mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dane