Viktor Dukhovni <[email protected]> wrote: > > The result is in a way doubly "opportunistic". Not only is DANE > employed when possible (downgrade-resistant modulo DNSSEC compromise), > but when DANE is not applicable, unauthenticated TLS is employed > when possible (passive attack resistant, but vulnerable to MITM > attacks).
I think what you are describing is just protocol feature negotiation and so it does not need a special term. We don't talk about opportunistic cipher suites, for example. Tony. -- f.anthony.n.finch <[email protected]> http://dotat.at/ Fair Isle: Southwesterly veering westerly 5 to 7, but 4 at first in southeast, perhaps gale 8 later in west. Moderate or rough, occasionally very rough in northwest. Rain later. Moderate or good. _______________________________________________ dane mailing list [email protected] https://www.ietf.org/mailman/listinfo/dane
