On Wed, Mar 12, 2014 at 7:37 PM, Viktor Dukhovni <[email protected]> wrote: > On Wed, Mar 12, 2014 at 02:59:34PM -0700, Joe Touch wrote: > > [ It seems the discussion has moved on beyond the specifics of the title of > the SMTP with DANE draft: "SMTP security via opportunistic DANE TLS". So > if anyone has a considered proposal for a better name, please start a new > thread on the DANE list only, or just send me your suggestions off-list. ]
It has moved beyond SMTP w/ DANE because we actually need general terminology for some of these behaviors. > 2. Opportunistic use of authenticated TLS (e.g. via DANE) with > fallback to "0." when the destination authentication policy > is not available. > > http://www.postfix.org/TLS_README.html#client_tls_dane > (with the "dane" security level) > > Here when "usable" secure TLSA records are published, > the server is always authenticated. But otherwise, we > do our best to at least not send in the clear. Right, we should distinguish "authenticate with TLS server PKI" from authenticate via DANE". > So perhaps a small list of terms (nouns or noun-phrases) will not > cover all the models in a generic way. We can however provide some > guidance on the appropriate use of some popular "adjectives", to > encourage people to use them in a more appropriate, consistent > fashion. > > My contention is, for example, that the use of "opportunistic" in > "opportunistic TLS" to describe TLS in case "0" is a proper use of > that adjective. Similarly "opportunistic DANE TLS" for case "2" > is also reasonable. By way of contrast one might speak of "mandatory > TLS", "mandatory DANE TLS", ... No argument from me. You're right too that we're going to compose two or more words. > Finally, the terminology is the least of our worries, lets get more > of the security protocols deployed! Well, you'd be surprised. Terminology makes a huge difference 'round these here parts. In this particular space we have a chance to define generic terms because a lot of the behaviors in question are new(ish). Sounds like a huge win to me! Nico -- _______________________________________________ dane mailing list [email protected] https://www.ietf.org/mailman/listinfo/dane
