On Tue, Nov 19, 2013 at 11:24:50AM +0100, Eliot Lear <[email protected]> wrote a message of 20 lines which said:
> OE may have other very valid uses The problem is not with the concept, it is with the words. "opportunistic encryption" is used in many places but poorly defined and many fights erupt because people do not actually understand the same thing when they hear "opportunistic encryption". What I suggest is to stop using this terme and instead to say: 1) "Encryption on demand" Encryption without a peer-specific arrangement. This is the meaning used in RFC 4322. Can be safe. 2) "Encryption without authentication". This is the meaning used in RFC 5386. Safe only against a purely passive attacker. 3) "Encryption with a fallback" (to unencrypted mode). This is the Wikipedia definition. Certainly unsafe. _______________________________________________ ietf-privacy mailing list [email protected] https://www.ietf.org/mailman/listinfo/ietf-privacy
