On Sat, 16 Aug 2014, Phillip Hallam-Baker wrote:
On Sat, Aug 16, 2014 at 4:19 PM, Nico Williams
<nico(_at_)cryptonector(_dot_)com> wrote:
On Sat, Aug 16, 2014 at 04:48:54AM +0000, Viktor Dukhovni wrote:
Perhaps I should expand the example section to explain opportunistic
DANE TLS for SMTP (even if that spec is still some weeks from LC),
not just opportunistic TLS. Then people might have a better
understanding of how opportunistic authentication works with DANE,
and should work generally. I don't want the draft to over-emphasize
DANE, it not just about DANE, but leaving out that example may have
resulted in text that is a too abstract.
For me DANE is the critical piece to understanding how the OS protocol
design pattern can raise the floor without lowering the ceiling and
without encouraging a general reduction of security against active
attacks. The key lies in DNSSEC's authenticated non-existence
functionality.
???
DANE isn't opportunistic security. It is authenticated security policy
and keys. Thats the opposite of opportunistic.
There is a protocol design pattern that involves optimistically checking
for and using DANE records where they exist, and not using them when their
existence has been authoritatively denied. The overall protocol is
optimistic, in that the use of DANE is not required, but its benefits are
used when available.
-Ben