On Wed, Jul 30, 2014 at 05:31:14PM +0000, Viktor Dukhovni wrote:
"OS strives to greatly broaden the use of encryption in IETF protocols,
to combat PM. To facilitate incremental deployment, OS operates in
a fashion that may result in a plaintext connection/session."
This is, I think, addressed by the "Encrypt by default" principle,
but perhaps the below change helps to get the point across:
[...]
That change and a few more are in the -02 version:
A new version has been submitted for draft-dukhovni-opportunistic-security:
http://www.ietf.org/internet-drafts/draft-dukhovni-opportunistic-security-02.txt
Diff from previous version:
http://www.ietf.org/rfcdiff?url2=draft-dukhovni-opportunistic-security-02
Summary of changes:
- Replaced undefined "strong protection" with "protection
  against both passive and active attacks".
- Moved Terminology section up between the Introduction and the Design
  Principles (body) section.
- More references.
- Split some run-on sentences.
If anyone feels strongly that some of the original text was better,
please speak up...
--
Viktor.