Stephen wrote: > I think the path forward is more like making opportunistic > security mechanisms (in particular confidentiality) more-than-MTI > in a way that builds in some security (against passive attacks) > as an inherent feature of new protocols, but also results in > a far easier transition from there to fully authenticated, > compared to the massive gap between cleartext and fully > authenticated.
Teasing out OE from other potential tasks is a good thing; of that I'm convinced. Whether it's more than MTI *or even MTI* depends on what recommendations can be made regarding how to do it. A draft there would be most welcome (I've heard that some are thinking about doing something with OTR). Eliot _______________________________________________ perpass mailing list perpass@ietf.org https://www.ietf.org/mailman/listinfo/perpass