
Re: [saag] Last Call: <draft-dukhovni-opportunistic-security-01.txt> (Opportunistic Security: some protection most of the time) to Informational RFC

2014-07-30 12:38:41
On Wed, Jul 30, 2014 at 10:22:22AM -0700, Martin Thomson wrote:

> On 30 July 2014 08:54, Stephen Kent <kent(_at_)bbn(_dot_)com> wrote:
>> I would say:
>> "OS strives to greatly broaden the use of encryption in IETF protocols,
>> to combat PM. To facilitate incremental deployment, OS operates in
>> a fashion that may result in a plaintext connection/session."
>
> That's a good description of OE, but wasn't the whole point of using
> OS as the term to cover other opportunistic mechanisms, like maybe
> opportunistic authentication (which I just invented, but I hope is
> self-explanatory).

Since opportunistic security subsumes opportunistic unauthenticated
encryption (where applicable), the proposed text is technically
sound.  What remains to determine is to what extent the point is
already covered, and the exact language or location in the document
to update.

Yes, opportunistic security also subsumes designs with "opportunistic
authentication", such as proposed in the DANE SMTP draft, which
specifies "opportunistic DANE TLS" for SMTP.  I hope that other OS
protocols will indeed find a way to do "opportunistic authentication"
whenever possible and not just be limited to unauthenticated
encryption.

OS is a "golf umbrella" term... :-)

-- 
        Viktor.
