Re: [saag] Last Call: <draft-dukhovni-opportunistic-security-01.txt> (Opportunistic Security: some protection most of the time) to Informational RFC

2014-08-05 22:53:59
On Tuesday, August 05, 2014 20:28:03 Dave Crocker wrote:
> On 8/5/2014 8:14 PM, Scott Kitterman wrote:
>> It seems to me that all it means is that the MTA is taking the opportunity
>> to make the most secure connection it can on a peer basis.  Sometimes
>> that's going to be a full DANE negotiated session protected by DNSSEC.
>> Other times it's not.  I think the major point of opportunistic isn't how
>> good the resulting security is, but the idea of taking advantage of the
>> best option available on a per peer basis rather than treating it as all
>> or nothing.
>
> That looks like quite a good paragraph to me.  I understand it, and it
> describes something meaningful... and distinctive from current
> approaches to use of encryption.
>
> Focusing on a "framework that permits decreasing levels of encryption
> protection" or similar language resonates with what I've been reading
> about this opportunistic thing.  (My own view is that cleartext has no
> place within that hierarchy, so some sort of minimum encryption needs to
> be described.)

I suspect that this is where you will part company with Viktor (and myself).
The description of opportunistic security in the draft prioritizes
interoperability over encryption.  Making some form of encryption "mandatory"
would reduce OS to a variant of today's all or nothing approaches.  A key
feature of OS is that OS techniques can be used to gain additional security
without risking loss of interoperability.

> On 8/5/2014 8:16 PM, Viktor Dukhovni wrote:
>> DANE with authentication can be either opportunistic (enabled via
>> discovery on a peer by peer basis) or mandatory (required by local
>> policy, URI scheme, ...).  Postfix for example supports both
>> opportunistic and mandatory DANE TLS:
>
> Sorry, but I don't understand how "enabled via discovery on a peer by
> peer basis" is any different from use of StartTLS.  That sort of
> confusion should not be prompted by 'definition' of such a basic term.
>
> So while Scott's paragraph enjoys wonderfulness, what you are saying
> still doesn't make much sense to me.  Worse, I fear that language of the
> sort you are using will prove not very useful to the community.

It's not any different than an MTA using StartTLS.  Typical (non-CA enabled) 
StartTLS usage is an example of OS.  

Viktor and I are (I believe) saying the same thing, so if what I wrote makes 
more sense, then perhaps you could suggest where the gap between what I wrote 
and what's in the draft is for you so we can write better text.

Scott K
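
The per-peer selection argued over in this message, as an added Python sketch (not code from the thread, the draft, or Postfix): it picks the best level each peer supports and shows what an encryption floor costs in deliverability. The `Peer` fields, level names, `floor` parameter and sample hosts are constructed for illustration; treating missing STARTTLS as a failure when TLSA records exist is an assumption of this sketch.

```python
from enum import IntEnum
from typing import Dict, NamedTuple, Optional


class Level(IntEnum):
    CLEARTEXT = 0
    UNAUTHENTICATED_TLS = 1  # STARTTLS, certificate not verified (non-CA usage)
    DANE_TLS = 2             # STARTTLS authenticated via DNSSEC-validated TLSA


class Peer(NamedTuple):
    name: str
    starttls: bool  # peer advertises STARTTLS in its EHLO response
    tlsa: bool      # DNSSEC-validated TLSA records were found for the peer


def select_level(peer: Peer, floor: Level = Level.CLEARTEXT) -> Optional[Level]:
    """Return the level to use with this peer, or None to defer delivery."""
    if peer.tlsa:
        # Assumption of this sketch: published TLSA records signal that the
        # peer does TLS, so a missing STARTTLS offer is a failure, not a
        # reason to fall back to something weaker.
        return Level.DANE_TLS if peer.starttls else None
    best = Level.UNAUTHENTICATED_TLS if peer.starttls else Level.CLEARTEXT
    # floor=CLEARTEXT is the opportunistic policy: never refuse a peer just
    # because it offers nothing better.
    return best if best >= floor else None


# Constructed sample peers, one per capability combination.
PEERS = [
    Peer("mx.dane.example", starttls=True, tlsa=True),
    Peer("mx.tls.example", starttls=True, tlsa=False),
    Peer("mx.legacy.example", starttls=False, tlsa=False),
    Peer("mx.stripped.example", starttls=False, tlsa=True),
]


def outcomes(floor: Level) -> Dict[str, Optional[Level]]:
    """Map each sample peer to the level chosen under the given floor."""
    return {p.name: select_level(p, floor) for p in PEERS}


if __name__ == "__main__":
    for floor in (Level.CLEARTEXT, Level.UNAUTHENTICATED_TLS):
        print(f"floor={floor.name}")
        for name, level in outcomes(floor).items():
            print(f"  {name}: {level.name if level is not None else 'DEFERRED'}")
```

Raising `floor` changes nothing for peers that already offer TLS; its only effect is that the legacy peer goes from cleartext delivery to no delivery.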
