
Re: [saag] Last Call: <draft-dukhovni-opportunistic-security-01.txt> (Opportunistic Security: some protection most of the time) to Informational RFC

2014-08-07 11:21:29
On Thu, Aug 07, 2014 at 11:07:34AM -0500, Nico Williams wrote:

IIRC it derived from wanting no UI impact from OS.

I've seen no compelling rationale for that either.

The less said about the UI the better, we aren't experts even about
the UIs of specific applications, let alone about the UIs of a
family of protocols sharing some common security features.  The
draft's "no misrepresentation" language is about as far as one
might reasonably venture in that direction.

For example, in Postfix logs (closest thing in an MTA to a UI),
DANE authenticated delivery is logged as authenticated delivery,
in much the same manner as authenticated delivery via a trust chain
from a public CA, or a statically configured public key fingerprint.

Representing opportunistically DANE authenticated transactions as
secure may be the right choice for an MTA, but need not be the
right choice for a web browser.  The draft should I think be
silent on UI issues.

Therefore, I think a UI argument against admitting authenticated
modes of operation in the umbrella term is not appropriate.

-- 
        Viktor.
