Oh *man* I’m going to regret this.
Hi. Jumping randomly into this conversation from the point of view of someone
who is fascinated by the dynamics but, yes, _has not read the draft_, I’d like
to observe something.
On Aug 15, 2014, at 2:14 PM, Viktor wrote:
<D. Crocker’s definition:
[D. Crocker] Opportunism is the flexibility to use less-stringent
protection,
when stronger protection is not possible.
This is a definition of something else. That something is not the
subject of the draft. […]
The subject is introducing the OS design pattern. The OS design
pattern as introduced, is to set a least common denominator baseline
(crypto)security policy (that might well be cleartext) and from
there do better whenever possible for each peer.
From my point of view, these two wordings are indistinguishable. Setting a
least common denominator and doing better whenever possible *is* using
less-stringent protection when stronger protection is not available. I
understand there’s nuance, relating to per-peer (which I think everyone agrees
with), to the multiple dimensions of protection, and to whether “none” is a
variant of “least” or not. But IMO, fundamentally these two sentences say the
same thing. If the intent is that they don’t, *very* different words may be
needed.
Similarly,
On Aug 15, 2014, at 1:48 PM, Pete Resnick
<presnick(_at_)qti(_dot_)qualcomm(_dot_)com> wrote:
Hatless...
[…]
Opportunism here is to take the opportunity to do the *best* encryption you
can do. If the other end advertises authenticated encryption, you take the
opportunity to do authenticated encryption. If that's unavailable but you can
do unauthenticated encryption, that's the best you can do and you
opportunistically do that. […]
[Crocker, again] Opportunism is the flexibility to use less-stringent
protection, when stronger protection is not possible.
Using less-stringent protection when stronger protection is not available is
not an "opportunity". It's a compromise.
Again, to my mind there is *no difference* between the words "If X is
unavailable but you can do Y, that's the best you can do and you
opportunistically do that” and the words "Using less-stringent protection when
stronger protection is not available …”, yet in one case it’s being given as an
example and in the other case it’s being stated as an incorrect non-example.
“this won’t do”, as they say.
To be clear: I am not at all meaning to pick on Victor or Pete or Dave
specifically. But I thought it might be useful to mention that from the
perspective of someone who’s randomly walked into the back of the virtual room
and is trying to understand things just from the emails, you guys are saying
exactly the same thing, and then claiming you aren’t.
cheers
john