On Fri, 22 Aug 2014, Viktor Dukhovni wrote:
On Fri, Aug 22, 2014 at 05:25:17AM +0000,
l(_dot_)wood(_at_)surrey(_dot_)ac(_dot_)uk wrote:
Okay, so with opportunistic security, all a man in the middle
has to do is block any communications he can't decrypt, and it
automatically downgrades to select something he can break?
And without OS, he need not do anything at all, because the vast
majority of the traffic is cleartext. However OS can support
downgrade resistant modes of operation, given appropriately secure
out-of-band signalling, (possibly DANE/DNSSEC).
OS is not an effort to displace already working authenticated
encrypted traffic.
What this little exchange above here shows is that people involved in
this dicsussion _still_ don't know whether "OS" is just the anonymous
crypto or whether includes the "design pattern recommendation advise"
of using authenticated encryption if available.
If the people who agree to "just publish it" cannot even keep their
usage straight, I'd say the document needs more work.....
Paul