Re: DANE should be more prominent (Re: Review of: Opportunistic Security

On Sat, 16 Aug 2014, Phillip Hallam-Baker wrote:

For me DANE is the critical piece to understanding how the OS protocol
design pattern can raise the floor without lowering the ceiling and
without encouraging a general reduction of security against active
attacks.  The key lies in DNSSEC's authenticated non-existence
functionality.


???

DANE isn't opportunistic security. It is authenticated security policy
and keys. Thats the opposite of opportunistic.


And this is why OS is a bad term. People still don't see this new term
as meaning "do authenticated encryption protocols when possible, anonymous
encryption with fallback to clear if not".

Paul

<Prev in Thread]	Current Thread	[Next in Thread>
Re: DANE should be more prominent (Re: Review of: Opportunistic Security -03 preview for comment), (continued) Re: DANE should be more prominent (Re: Review of: Opportunistic Security -03 preview for comment), Phillip Hallam-Baker Re: [saag] DANE should be more prominent (Re: Review of: Opportunistic Security -03 preview for comment), Benjamin Kaduk Re: [saag] DANE should be more prominent (Re: Review of: Opportunistic Security -03 preview for comment), Dave Crocker Re: [saag] DANE should be more prominent (Re: Review of: Opportunistic Security -03 preview for comment), Benjamin Kaduk Re: [saag] DANE should be more prominent (Re: Review of: Opportunistic Security -03 preview for comment), Viktor Dukhovni Message not available Message not available Message not available Re: [saag] DANE should be more prominent (Re: Review of: Opportunistic Security -03 preview for comment), Viktor Dukhovni Re: [saag] DANE should be more prominent (Re: Review of: Opportunistic Security -03 preview for comment), Benjamin Kaduk Re: [saag] DANE should be more prominent (Re: Review of: Opportunistic Security -03 preview for comment), Stephen Kent Message not available Message not available Message not available Message not available Message not available Re: [saag] DANE should be more prominent (Re: Review of: Opportunistic Security -03 preview for comment), Stephen Kent RE: [saag] DANE should be more prominent (Re: Review of: Opportunistic Security -03 preview for comment), l.wood Re: DANE should be more prominent (Re: Review of: Opportunistic Security -03 preview for comment), Paul Wouters <= Re: [saag] : Review of: Opportunistic Security -03 preview for comment, Benjamin Kaduk Re: Review of: Opportunistic Security -03 preview for comment, Paul Wouters Re: [saag]: Review of: Opportunistic Security -03 preview for comment, Viktor Dukhovni Re: [saag]: Review of: Opportunistic Security -03 preview for comment, Paul Wouters Re: [saag] : Review of: Opportunistic Security -03 preview for comment, Benjamin Kaduk Re: [saag]: Review of: Opportunistic Security -03 preview for comment, Viktor Dukhovni Re: [saag]: Review of: Opportunistic Security -03 preview for comment, Paul Wouters Re: [saag]: Review of: Opportunistic Security -03 preview for comment, Viktor Dukhovni Re: [saag]: Review of: Opportunistic Security -03 preview for comment, Nico Williams

Re: DANE should be more prominent (Re: Review of: Opportunistic Security -03 preview for comment)