DANE should be more prominent (Re: Review of: Opportunistic Security -03

On Sat, Aug 16, 2014 at 04:48:54AM +0000, Viktor Dukhovni wrote:

Perhaps I should expand the example section to explain opportunistic
DANE TLS for SMTP (even if that spec is still some weeks from LC),
not just opportunistic TLS.  Then people might have a better
understanding of how opportunistic authentication works with DANE,
and should work generally.  I don't want the draft to over-emphasize
DANE, it not just about DANE, but leaving out that example may have
resulted in text that is a too abstract.


For me DANE is the critical piece to understanding how the OS protocol
design pattern can raise the floor without lowering the ceiling and
without encouraging a general reduction of security against active
attacks.  The key lies in DNSSEC's authenticated non-existence
functionality.

Nico
--

<Prev in Thread]	Current Thread	[Next in Thread>
Re: Review of: Opportunistic Security -03 preview for comment, (continued) Re: Review of: Opportunistic Security -03 preview for comment, Michael Richardson Re: Review of: Opportunistic Security -03 preview for comment, Nico Williams Re: Review of: Opportunistic Security -03 preview for comment, Stephen Kent Re: [saag] Review of: Opportunistic Security -03 preview for comment, Benjamin Kaduk Re: [saag]: Review of: Opportunistic Security -03 preview for comment, Viktor Dukhovni Re: [saag]: Review of: Opportunistic Security -03 preview for comment, Eliot Lear Re: [saag]: Review of: Opportunistic Security -03 preview for comment, John Wroclawski Re: [saag]: Review of: Opportunistic Security -03 preview for comment, Viktor Dukhovni RE: [saag]: Review of: Opportunistic Security -03 preview for comment, l.wood Re: [saag] : Review of: Opportunistic Security -03 preview for comment, Theodore Ts'o DANE should be more prominent (Re: Review of: Opportunistic Security -03 preview for comment), Nico Williams <= Re: DANE should be more prominent (Re: Review of: Opportunistic Security -03 preview for comment), Phillip Hallam-Baker Re: [saag] DANE should be more prominent (Re: Review of: Opportunistic Security -03 preview for comment), Benjamin Kaduk Re: [saag] DANE should be more prominent (Re: Review of: Opportunistic Security -03 preview for comment), Dave Crocker Re: [saag] DANE should be more prominent (Re: Review of: Opportunistic Security -03 preview for comment), Benjamin Kaduk Re: [saag] DANE should be more prominent (Re: Review of: Opportunistic Security -03 preview for comment), Viktor Dukhovni Message not available Message not available Message not available Re: [saag] DANE should be more prominent (Re: Review of: Opportunistic Security -03 preview for comment), Viktor Dukhovni Re: [saag] DANE should be more prominent (Re: Review of: Opportunistic Security -03 preview for comment), Benjamin Kaduk Re: [saag] DANE should be more prominent (Re: Review of: Opportunistic Security -03 preview for comment), Stephen Kent Message not available Message not available Message not available Message not available Message not available Re: [saag] DANE should be more prominent (Re: Review of: Opportunistic Security -03 preview for comment), Stephen Kent RE: [saag] DANE should be more prominent (Re: Review of: Opportunistic Security -03 preview for comment), l.wood

DANE should be more prominent (Re: Review of: Opportunistic Security -03 preview for comment)