
Re: [saag] DANE should be more prominent (Re: Review of: Opportunistic Security -03 preview for comment)

2014-08-19 15:54:57
On Tue, Aug 19, 2014 at 04:42:07PM -0400, Benjamin Kaduk wrote:

> I, for one, have been trying to do so.
>
> As a case in point, we seem to have some concern that the term
> "authenticated encryption" is poorly defined or confusing or otherwise
> problematic.
>
> In https://github.com/kaduk/saag/commit/1e10ebc320d1a4d13dd0c693b07bba2492aa1947,
> I propose to define a new term "authenticated connection" and define
> authenticated and unauthenticated encryption in terms of whether or not
> the encrypted data is transiting an authenticated connection.  By
> separating the two security mechanisms, I think that the potential for
> confusion is reduced.

Based on Steve Kent's earlier suggestion, I had updated my
work-in-progress document to avoid the problematic term.

Note, in many cases what we have is "authenticated sessions".  Not
all protocols are "connection oriented", and notably TLS supports
session resumption.  So "authenticated connection" is perhaps not
optimal.  I had used "authenticated encrypted communication" as
suggested, but will see whether that is still needed after further
suggested revisions.

Thanks for the concrete feedback, it is much easier to work with
suggested text than without.

-- 
        Viktor.
