On Jul 30, 2014, at 1:15 PM, Stephen Kent <kent(_at_)bbn(_dot_)com> wrote:

Martin,

On 30 July 2014 08:54, Stephen Kent <kent(_at_)bbn(_dot_)com> wrote:

I would say:

"OS strives to greatly broaden the use of encryption in IETF protocols,
to combat PM. To facilitate incremental deployment, OS operates in
a fashion that may result in a plaintext connection/session."

That's a good description of OE, but wasn't the whole point of using
OS as the term to cover other opportunistic mechanisms, like maybe
opportunistic authentication (which I just invented, but I hope is
self-explanatory)?

I don't think so.

Perhaps not, but it sounds a bit too binary for my taste. Without proposing an
alternative (sorry!) I'd want it clearer that there may be an increasing number
of multiple interoperable modes and a session should use the "best" one that
can be agreed on.

As others have pointed out, "best" may be ill-defined and you might need to
trade e.g. better authentication against better encryption. I'm perfectly happy
to leave the value function undefined, and I think we should be able to make
the general principle clear.

Personal email. hbhotz(_at_)oxy(_dot_)edu