Re: [saag] Last Call: <draft-dukhovni-opportunistic-security-01.txt> (Opportunistic Security: some protection most of the time) to Informational RFC

2014-08-05 20:27:44
On Tue, Aug 05, 2014 at 06:04:52PM -0700, Dave Crocker wrote:

> So while use of DANE has some interesting differences from using a
> classic CA-based key, using it as a basis for encryption ought to
> qualify as fairly straightforward authenticated encryption.
>
> That doesn't seem at all 'opportunistic' to me.

It is when authentication is then used *only* with peers that
publish TLSA RRs and not with peers that don't.  You get opportunistic
authentication, which is employed when possible (or at least promised
by the peer system's DNS administrator) and not otherwise.

See:

    https://tools.ietf.org/html/draft-ietf-dane-smtp-with-dane-11

-- 
        Viktor.
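
An added sketch of the per-peer behaviour described in the message above (not part of the original e-mail and not code from the draft): authentication is attempted only for peers that publish TLSA RRs. The names `TLSA`, `tlsa_matches`, `peer_policy` and `connect_outcome` are hypothetical, and the sketch assumes DANE-EE (usage 3) records only, a DNSSEC-validated lookup as the precondition for trusting TLSA data, and no fallback once a peer has published records.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class TLSA:
    usage: int      # 3 = DANE-EE (the only usage handled in this sketch)
    selector: int   # 0 = full certificate, 1 = SubjectPublicKeyInfo
    mtype: int      # 0 = exact bytes, 1 = SHA-256, 2 = SHA-512
    data: bytes

def tlsa_matches(rr, cert_der, spki_der):
    """True if a DANE-EE TLSA record matches the presented certificate."""
    if rr.usage != 3 or rr.selector not in (0, 1):
        return False
    selected = cert_der if rr.selector == 0 else spki_der
    if rr.mtype == 0:
        return rr.data == selected
    algo = {1: hashlib.sha256, 2: hashlib.sha512}.get(rr.mtype)
    return algo is not None and algo(selected).digest() == rr.data

def peer_policy(dnssec_validated, tlsa_rrset):
    """Pick the security level for one peer from what its DNS publishes."""
    if dnssec_validated and tlsa_rrset:
        return "authenticate"     # peer publishes TLSA RRs: verify them
    return "unauthenticated"      # no TLSA RRs: authentication not attempted

def connect_outcome(dnssec_validated, tlsa_rrset, cert_der, spki_der):
    """Combine the policy with the certificate the peer actually presented."""
    if peer_policy(dnssec_validated, tlsa_rrset) == "unauthenticated":
        return "proceed-unauthenticated"
    if any(tlsa_matches(rr, cert_der, spki_der) for rr in tlsa_rrset):
        return "proceed-authenticated"
    return "abort"                # published records did not match: no downgrade

# Constructed sample data (placeholder bytes, not real DER encodings).
CERT = b"constructed-certificate-der"
SPKI = b"constructed-spki-der"
GOOD = TLSA(3, 1, 1, hashlib.sha256(SPKI).digest())

if __name__ == "__main__":
    print(connect_outcome(True, [GOOD], CERT, SPKI))         # peer with TLSA RRs
    print(connect_outcome(True, [], CERT, SPKI))             # peer without TLSA RRs
    print(connect_outcome(True, [GOOD], CERT, b"other-key")) # key does not match
```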
