Re: [saag] Is opportunistic unauthenticated encryption a waste of time?

ietf

Re: [saag] Is opportunistic unauthenticated encryption a waste of time?

2014-08-23 16:06:25

On Sat, Aug 23, 2014 at 09:33:27PM +0100, Stephen Farrell wrote:

However, say we're wrong and someone who thinks OS is a waste
of time is actually correct, what would such a person recommend
that we do as well as, or instead of, OS?


For the record I started work on "opportunistic DANE TLS", in March
2013, well before PM became a major concern.  It was designed as
a way to scalably enable authentication in SMTP, by making that
opportunistic (enabled peer by peer as DANE TLSA RRs are deployed).

So I see OS as a strategy to incrementally broaden both the use of
encryption AND the use of authentication.

Whether protocols other than MTA-to-MTA SMTP can implement OS *with*
authentication remains to be seen.  I hope that will prove possible
over time.  For mobile device applications, we may have to wait
for the DNSSEC "last mile problem" to be largely addressed before
significant progress in that direction can be made.

-- 
        Viktor.

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Re: Is traffic analysis really a target (was Re: [saag] Is opportunistic unauthenticated encryption a waste of time?), (continued) Re: Is traffic analysis really a target (was Re: [saag] Is opportunistic unauthenticated encryption a waste of time?), Ted Hardie Re: Is traffic analysis really a target (was Re: [saag] Is opportunistic unauthenticated encryption a waste of time?), Mark Andrews Re: [saag] Is traffic analysis really a target (was Re: Is opportunistic unauthenticated encryption a waste of time?), Henry B (Hank) Hotz, CISSP Re: [saag] Is opportunistic unauthenticated encryption a waste of time?, Fernando Gont Re: [saag] Is opportunistic unauthenticated encryption a waste of time?, Dave Crocker Re: [saag] Is opportunistic unauthenticated encryption a waste of time?, joel jaeggli Re: [saag] Is opportunistic unauthenticated encryption a waste of time?, Fernando Gont Re: [saag] Is opportunistic unauthenticated encryption a waste of time?, joel jaeggli Re: [saag] Is opportunistic unauthenticated encryption a waste of time?, Fernando Gont RE: [saag] Is opportunistic unauthenticated encryption a waste of time?, Hosnieh Rafiee Re: [saag] Is opportunistic unauthenticated encryption a waste of time?, Viktor Dukhovni <= Re: [saag] Adept Encryption: Was: DANE should be more prominent (Re: Review of: Opportunistic Security -03 preview for comment), Stephen Kent RE: Adept Encryption: Was: [saag] DANE should be more prominent (Re: Review of: Opportunistic Security -03 preview for comment), Christian Huitema Re: Adept Encryption: Was: [saag] DANE should be more prominent (Re: Review of: Opportunistic Security -03 preview for comment), Nico Williams Re: Adept Encryption: Was: [saag] DANE should be more prominent (Re: Review of: Opportunistic Security -03 preview for comment), Stephen Farrell Re: Adept Encryption: Was: [saag] DANE should be more prominent (Re: Review of: Opportunistic Security -03 preview for comment), Scott Kitterman

Previous by Date:	RE: [saag] Is opportunistic unauthenticated encryption a waste of time?, Bernard Aboba
Next by Date:	Re: [saag] Is opportunistic unauthenticated encryption a waste of time?, Stephen Farrell
Previous by Thread:	RE: [saag] Is opportunistic unauthenticated encryption a waste of time?, Hosnieh Rafiee
Next by Thread:	Re: [saag] Adept Encryption: Was: DANE should be more prominent (Re: Review of: Opportunistic Security -03 preview for comment), Stephen Kent
Indexes:	[Date] [Thread] [Top] [All Lists]