Steve (et al.),

On 3/12/2014 6:35 AM, Stephen Kent wrote:
Joe,

...
with that definition of the term, which is IPsec-specific.

I'm not quite sure what term or what definition you're referring to:
OE, anonymous encryption, or unauthenticated key exchange. Can you
clarify?
OE. I argue that OE is defined only for IPsec, because the definition
focuses on how to avoid the need to coordinate SPD entries at each end.

Agreed.

I have suggested "opportunistic keying" as a preferred term, since it's
the key management, not the encryption per se, that distinguishes other
proposed modes of operation for IPsec, TLS, etc.

I agree if you're replacing OE with OK ;-)
yeah, I like OK (and I like IKE too, for those of us old enough to
appreciate that election slogan)

I'm still a little hesitant, thinking on it further, about the term "opportunistic" in this sense at all.

BTNS uses unsigned key exchange, and there's nothing "opportunistic" about it. Unsigned authentication is the goal from the start.

OE as defined in RFC 4322 isn't about using unsigned key exchange; the "opportunistic" sense is derived from using keys retrieved from DNS without prior agreement. That's not what happens in BTNS.

Paul just noted:
"Opportunistic keying does provide authentication, it's just that
the authentication is only to the public key and is not
tightly bound to any other type of identification (address, name, etc.)"

I.e., fundamentally, opportunistic approaches are completely different from those that don't ever bother to authenticate. I don't think it's useful (and could be confusing) to confuse the two by overlapping terminology.

I don't like the term "optimistic" either; it too implies something that you "hope works". There's no "hope" associated with unsigned key exchange; you do it (IMO) because you know what it is and you know its impact (e.g., raising the bar of an attacker to performing a full key exchange, vs. just tossing single packets like RSTs around).

Is there a reason not to just call unauthenticated key exchange what it is - unauthenticated key exchange?

If you want something pithy, maybe "Zero-ID security"?

The breakout group at the STRINT workshop that discussed terminology suggested using the term noted above.

Sorry, but to clarify, which term?
OK vs. OE.

Thanks for the clarification.

Joe

_______________________________________________
dane mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dane
