Re: [dane] [saag] Need better opportunistic terminology

Stephen Farrell <> Wed, 12 March 2014 21:46 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 2A5491A0685; Wed, 12 Mar 2014 14:46:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.447
X-Spam-Status: No, score=-2.447 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.547] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id eMnFudP965WB; Wed, 12 Mar 2014 14:46:56 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id 2C2381A0733; Wed, 12 Mar 2014 14:46:56 -0700 (PDT)
Received: from localhost (localhost []) by (Postfix) with ESMTP id B4F37BE51; Wed, 12 Mar 2014 21:46:49 +0000 (GMT)
X-Virus-Scanned: Debian amavisd-new at
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id ESecBKXOHD61; Wed, 12 Mar 2014 21:46:48 +0000 (GMT)
Received: from [] (unknown []) by (Postfix) with ESMTPSA id 3BFE6BE29; Wed, 12 Mar 2014 21:46:48 +0000 (GMT)
Message-ID: <>
Date: Wed, 12 Mar 2014 21:46:48 +0000
From: Stephen Farrell <>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.3.0
MIME-Version: 1.0
To: Michael Richardson <>
References: <> <> <> <> <> <> <> <> <>
In-Reply-To: <>
X-Enigmail-Version: 1.6
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Cc: Peter Palfrader <>, saag <>,
Subject: Re: [dane] [saag] Need better opportunistic terminology
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DNS-based Authentication of Named Entities <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 12 Mar 2014 21:46:59 -0000

Hash: SHA1


On 03/12/2014 09:13 PM, Michael Richardson wrote:
> Stephen Farrell <> wrote:
>> On 03/12/2014 08:47 PM, Michael Richardson wrote:
>>> The part that we are all discussing is determining how (much)
>>> to trust the DH results.
>> I don't think that's a very accurate characterisation to be
>> honest.
>> I think the most relevant (but intertwined) factors are:
>> - trading off ease of deployment vs. endpoint authentication -
>> trading off protection against passive vs active attack - better
>> separating key exchange from endpoint authentication so that
>> traditional authentication or TOFU or whatever can be used before
>> during or after key exchange
> But, you made my point.

Well yes and no, we're agreeing and almost but not quite
discussing the same things I figure, let's see if that
continues... :-)

> While the end user sees the overall benefit is: my traffic can not
> seen
> The problems and challenges that we have are not in how or even
> when to apply AES,


> it's how/when to do the DH.

"How" to do DH is pretty much the same everywhere or at least
the diffs are not relevant for a generic terminology draft.

"When" is I think as-soon-as-you-can (modulo amortizing DH over
multiple "sessions" or similar).

I think our challenges are not in when to do DH but in how that
relates to when we might do what forms of endpoint authentication
(or none) and the consequences of each of those options.

That's why I think a generic terminology draft will be useful, as
there are lots of potential combinations. Naming each (or whatever)
will make it easier for protocol developers to argue about what's
suitable for their particular environments.

For example, in the limit, I think it'd be worth thinking about
whether a post-facto MITM detection protocol perhaps run a day or
two later might have value. That'd be more of a research topic
really, but could still represent a form of useful endpoint
authentication even if it only detected a MITM with say a 1%
probability. Think of Alice and Bob depositing a witness pair
derived from the DH secret and some HASH(shared-info + application
traffic) some place(s) so someone (else) could detect if there
was a Charlie in the middle. (BTW: I'm not sure such a useful
generic protocol exists, but it'd be fun to work it out.)

> To the end user, having the word "encryption" in the terminology is
> useful because it tells them why they should pay attention to it.

Good point. Maybe that's why folks keep coming back to OE
as a term.

> To us, it's a red-herring, because it's not where the issue is.

Also true.


> You listed the issues.
> (BTW: my TLA cache is failing on "TOFU")
> -- Michael Richardson <>ca>, Sandelman Software
> Works -= IPv6 IoT consulting for hire =-
Version: GnuPG v1.4.14 (GNU/Linux)