On 16/08/14 00:44, Fred Baker (fred) wrote:
On Aug 15, 2014, at 4:38 PM, Dave Crocker <dhc(_at_)dcrocker(_dot_)net> wrote:
It never occurred to me -- and I don't believe I have seen
community support for the idea -- that no encryption is reasonable
to count as a form of encryption.
We could discuss ESP-NULL. While I would not agree that it is a form
of encryption, it is a defined algorithm with respect to IPsec ESP.
It is usually discussed in the context of authentication, as a
replacement for ESP-AH.
Actually I don't think we need to go there.
Opportunistic security (OS) is not a form of encryption.
Nor is no-encryption a form of encryption.
OS, according to the draft, is a protocol design pattern that
can result in the use of encryption or that can result in the
use of no-encryption.
That does not make no-encryption a form of encryption.
Both are potential outcomes when a protocol is designed according
to the OS pattern. In other words when a protocol uses the
OS pattern then stuff (e.g. in-band negotiation or whatever)
happens and the end result is the protocol endpoints have a
security configuration (whether to encrypt or not and in the
former case, how) for this "run" of the protocol.
Done well, we'd all hope that no-encryption is a rare outcome,
but we can't rule it out, says the draft.
S.