ietf

Re: Best Effort Key Management (was Re: [saag] Last Call: <draft-dukhovni-opportunistic-security-01.txt>

2014-08-06 12:53:01
On Wednesday, August 06, 2014 10:09:27 Paul Wouters wrote:
> On Wed, 6 Aug 2014, Dave Crocker wrote:
>>   Best Effort Encryption
>
> That's actually a pretty good term. It can range from better than
> nothing (no key management, with fallback to clear) to mutually
> authenticated encryption (key management, no fallback to clear). And
> even include TOFU.
>
> The biggest problem with Opportunistic Security I have is that security
> is so much more than just encryption, but our current efforts against
> pervasive monitoring are mostly about encryption and optionally (though
> preferably) with some authentication.

I don't see why it's better to pick a more narrowly scoped term, just because 
current efforts are more narrowly scoped.  I think that having a broad term 
like OS defined is useful in that it covers other possibilities when they come 
up.

As Viktor has mentioned, OS is a term that isn't inherently tied to a specific 
protocol or security requirement.  I think that's a good thing.  It's a useful 
concept to use in the process of designing security into protocols.

I was not involved in the saag discussions that led up to this, but I really 
like the term opportunistic security.  I think it better captures the dynamics 
of what's intended by the concept.

Scott K
