On 8/15/2014 1:15 PM, Paul Wouters wrote:
On Fri, 15 Aug 2014, Dave Crocker wrote:
If authentication is required, we have classic authenticated
encryption,
not opportunistic <foo>.
Again no, you're still reading what you would have said, rather
than what the draft actually says.
Viktor, that is your second statement commenting on my behavior.
Please stop commenting on what I am doing. And especially do not
comment on my reading skills or performance.
I don't believe Viktor is making such a statement on your behaviour.
We disagree. Worse, the 'response pattern' has been repeated across a
number of notes. It's ad hominem, mixed with out-of-hand dismissal.
The draft's definition of opportunism is "encrypt where possible, even
without authentication, but mandate authenticated encryption when
advertised".
It does not say the first part, though that language looks quite good to me.
The second part isn't opportunisticx. If authenticated is mandated,
there is nothing to be opportunistic about. If mandated is included in
opportunistic, then there is no actual meaning to the term other than
something trivial like "we like encryption".
While you seem to be saying opportunism is "In absence of
mandated authenticated encryption, try to use unauthenticated
encryption".
My definition:
Opportunism is the flexibility to use less-stringent protection,
hen stronger protection is not possible.
What Viktor is saying is that the parapraph in question makes sense
using his interpretation of the definition, and does not make sense
with your interpretation of the definition.
Clearly we have work to do to ensure there is only one interpreation of
the definition.
Yup.
d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net