ietf
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [saag] Last Call: <draft-dukhovni-opportunistic-security-01.txt> (Opportunistic Security: some protection most of the time) to Informational RFC

2014-08-07 11:44:33
from [Nico Williams] [Permanent Link] 
On Thu, Aug 07, 2014 at 03:03:26PM +0000, Viktor Dukhovni wrote:

  - Rene Struik is concerned that opportunistic security might
    lead to a reduction in protection against active attacks,


I too had this concern.  For me the key is that looking forward to a
DANE-like world we get secure discovery of services' ability to
authenticate.  By "secure discovery" I mean: no downgrade attacks.

Rene's concern however is partly about people getting a false sense of
security and not bothering with anything else once they have
unauthenticated encryption everywhere.  However, I think DANE is much
more likely to gain momentum than people are to think they have security
against active attacks without it.

Nico
--
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [saag] Last Call: <draft-dukhovni-opportunistic-security-01.txt> (Opportunistic Security: some protection most of the time) to Informational RFC, Nico Williams
Next by Date:  Re: [saag] Last Call: <draft-dukhovni-opportunistic-security-01.txt> (Opportunistic Security: some protection most of the time) to Informational RFC, Nico Williams
Previous by Thread:  Re: [saag] Last Call: <draft-dukhovni-opportunistic-security-01.txt> (Opportunistic Security: some protection most of the time) to Informational RFC, Nico Williams
Next by Thread:  Re: [saag] Last Call: <draft-dukhovni-opportunistic-security-01.txt> (Opportunistic Security: some protection most of the time) to Informational RFC, Paul Wouters
Indexes:  [Date] [Thread] [Top] [All Lists]