ietf

Re: [saag] : Review of: Opportunistic Security -03 preview for comment

2014-08-16 15:08:38
On Sat, 16 Aug 2014, John Wroclawski wrote:

Oh *man* I’m going to regret this.

Hi. Jumping randomly into this conversation from the point of view of
someone who is fascinated by the dynamics but, yes, _has not read the
draft_, I’d like to observe something.

On Aug 15, 2014, at 2:14 PM, Viktor wrote:

D. Crocker’s definition:

    [D. Crocker] Opportunism is the flexibility to use less-stringent
    protection, when stronger protection is not possible.

This is a definition of something else.  That something is not the
subject of the draft. […]

The subject is introducing the OS design pattern.  The OS design
pattern as introduced, is to set a least common denominator baseline
(crypto)security policy (that might well be cleartext) and from
there do better whenever possible for each peer.

From my point of view, these two wordings are indistinguishable. Setting
a least common denominator and doing better whenever possible *is* using
less-stringent protection when stronger protection is not available. I
understand there’s nuance, relating to per-peer (which I think everyone
agrees with), to the multiple dimensions of protection, and to whether
“none” is a variant of “least” or not. But IMO, fundamentally these two
sentences say the same thing. If the intent is that they don’t, *very*
different words may be needed.

[trimmed the other example]

Perhaps the part that is missing is what Ted was referencing, namely the
unstated goal that the baseline can be raised over time, after gradual
adoption of the better-protection options has reached a sufficient
proportion of the population such that the downside of increasing the
baseline is minimal.

-Ben