ietf
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Best Effort Key Management (was Re: [saag] Last Call: <draft-dukhovni-opportunistic-security-01.txt>

2014-08-06 09:02:03
from [Stephen Farrell] [Permanent Link] 

Hiya,

On 06/08/14 14:43, Dave Crocker wrote:

On 8/6/2014 5:24 AM, Stephen Farrell wrote:

Hierarchy isn't the right concept here.

There are different states that might result after some
opportunistic security steps are taken in a protocol.

...

There are also interactions between all the above and the
particular protocol we're trying to secure, 

...

Its very important to note that there isn't even a partial
order of the various end states on which we can always
generically agree, never mind a full ordering. 



Stephen,

All of the above means that this term is for use only by security
experts, since it makes the term unwieldy for use by anyone else.


Not "only," nor just "experts" - I think the term is meant for
protocol developers that care about and know something about
security. An average or better IETF participant I guess would be
the right target. (Please also note that this draft is not meant
to say how to apply OS to your protocol, nor is it a beginners
tutorial. The former is another day's work, but is the kind of
thing that we also need to do after this bit is done, and
probably via an update to BCP72. The tutorial thing may well be
better done outside the IETF.)


I'll also note that the draft says nothing like the above.  That should
bother you, and everyone else.


It doesn't though:-) Maybe its a fair point though that the
draft assumes a bit too much knowledge on the part of the
reader. I'd have to go check again.


Worse, the different responses from folks who have been active in the
discussion and who try to explain the term show different
understandings/meanings.  Still.  After all this time and discussion.

For the term to be useful, it MUST have a simple meaning that is shared
amongst its users.  Otherwise, we are through the looking glass.


I fully disagree. It seems to me that Viktor, Steve K, Scott K, Nico
and I and others are all saying the same thing in different words
and are in fact agreeing with one another. Yet to you it seems
that we're not. That is an issue to look at yes. So I need to look
back and see what it is that you (and the few other folks who've
commented similarly) are finding problematic. Right now, I'm just
not getting it tbh, but I expect we'll figure it out.

However I *really* do not think we'd be wise to re-start the work
looking for a new term or a new meaning so I won't comment on
your suggestions along those lines.

S.
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Best Effort Key Management (was Re: [saag] Last Call: <draft-dukhovni-opportunistic-security-01.txt>, Stephen Farrell
Next by Date:  Re: Best Effort Key Management (was Re: [saag] Last Call: <draft-dukhovni-opportunistic-security-01.txt>, Dave Crocker
Previous by Thread:  Re: Best Effort Key Management (was Re: [saag] Last Call: <draft-dukhovni-opportunistic-security-01.txt>, Stephen Farrell
Next by Thread:  Re: Best Effort Key Management (was Re: [saag] Last Call: <draft-dukhovni-opportunistic-security-01.txt>, Viktor Dukhovni
Indexes:  [Date] [Thread] [Top] [All Lists]