Yes, and this begs a question about which encryption we're talking about, as well. While most of us see the world as AES, others see it as GOST and yet others may have other algorithms they are required to use. Plain text may be the least common denominator in some cases, for interoperability. That doesn't mean we have to code to that case, but we should at least recognize that if we don't there may be some sites that become inaccessible to some class of users.
Eliot On 10/21/13 12:14 PM, Tony Rutkowski wrote: > Hi Eliot, > > Apropos to your suggestion... > > What about MTnI (mandatory to not implement) or MTB (mandatory to break)? > Public networks and services have been subject to governmental controls on > encryption by every country in international law since 1850. Individuals and > small groups may be able to skirt the requirements, but not commercial or > institutional providers. Seems like a bit of a scaling challenge? > > --tony > > Eliot Lear <l...@cisco.com> wrote: > >> Stephen wrote: >> >>> I think the path forward is more like making opportunistic >>> security mechanisms (in particular confidentiality) more-than-MTI >>> in a way that builds in some security (against passive attacks) >>> as an inherent feature of new protocols, but also results in >>> a far easier transition from there to fully authenticated, >>> compared to the massive gap between cleartext and fully >>> authenticated. >> Teasing out OE from other potential tasks is a good thing; of that I'm >> convinced. Whether it's more than MTI *or even MTI* depends on what >> recommendations can be made regarding how to do it. A draft there would >> be most welcome (I've heard that some are thinking about doing something >> with OTR). >> >> Eliot >> _______________________________________________ >> perpass mailing list >> perpass@ietf.org >> https://www.ietf.org/mailman/listinfo/perpass _______________________________________________ perpass mailing list perpass@ietf.org https://www.ietf.org/mailman/listinfo/perpass
