Re: [dane] Need better opportunistic terminology

Tony Finch <dot@dotat.at> Wed, 12 March 2014 13:44 UTC

Return-Path: <fanf2@hermes.cam.ac.uk>
X-Original-To: dane@ietfa.amsl.com
Delivered-To: dane@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4189C1A0722; Wed, 12 Mar 2014 06:44:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.447
X-Spam-Level:
X-Spam-Status: No, score=-2.447 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.547] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wynhn76LWT82; Wed, 12 Mar 2014 06:44:24 -0700 (PDT)
Received: from ppsw-40.csi.cam.ac.uk (ppsw-40-v6.csi.cam.ac.uk [IPv6:2001:630:212:8::e:f40]) by ietfa.amsl.com (Postfix) with ESMTP id 8881E1A0715; Wed, 12 Mar 2014 06:44:24 -0700 (PDT)
X-Cam-AntiVirus: no malware found
X-Cam-ScannerInfo: http://www.cam.ac.uk/cs/email/scanner/
Received: from hermes-1.csi.cam.ac.uk ([131.111.8.51]:35693) by ppsw-40.csi.cam.ac.uk (smtp.hermes.cam.ac.uk [131.111.8.156]:25) with esmtpa (EXTERNAL:fanf2) id 1WNjSB-0002RZ-kK (Exim 4.82_3-c0e5623) (return-path <fanf2@hermes.cam.ac.uk>); Wed, 12 Mar 2014 13:44:15 +0000
Received: from fanf2 by hermes-1.csi.cam.ac.uk (hermes.cam.ac.uk) with local id 1WNjSB-00045M-91 (Exim 4.72) (return-path <fanf2@hermes.cam.ac.uk>); Wed, 12 Mar 2014 13:44:15 +0000
Date: Wed, 12 Mar 2014 13:44:15 +0000
From: Tony Finch <dot@dotat.at>
X-X-Sender: fanf2@hermes-1.csi.cam.ac.uk
To: Viktor Dukhovni <viktor1dane@dukhovni.org>
In-Reply-To: <20140309195512.GQ21390@mournblade.imrryr.org>
Message-ID: <alpine.LSU.2.00.1403121341370.18502@hermes-1.csi.cam.ac.uk>
References: <CAMm+LwjF9To+w3K4RR=72BbLNE2hJa9CibWOEARYmODiuFNu9g@mail.gmail.com> <20140307004432.GH21390@mournblade.imrryr.org> <531B6D43.7030806@stpeter.im> <20140309195512.GQ21390@mournblade.imrryr.org>
User-Agent: Alpine 2.00 (LSU 1167 2008-08-23)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: Tony Finch <fanf2@hermes.cam.ac.uk>
Archived-At: http://mailarchive.ietf.org/arch/msg/dane/WPIUXRVgP_3vfG6zxn478_HNj7Q
Cc: saag@ietf.org, dane@ietf.org
Subject: Re: [dane] Need better opportunistic terminology
X-BeenThere: dane@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DNS-based Authentication of Named Entities <dane.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dane>, <mailto:dane-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dane/>
List-Post: <mailto:dane@ietf.org>
List-Help: <mailto:dane-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dane>, <mailto:dane-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 12 Mar 2014 13:44:26 -0000

Viktor Dukhovni <viktor1dane@dukhovni.org> wrote:
>
> The result is in a way doubly "opportunistic".  Not only is DANE
> employed when possible (downgrade-resistant modulo DNSSEC compromise),
> but when DANE is not applicable, unauthenticated TLS is employed
> when possible (passive attack resistant, but vulnerable to MITM
> attacks).

I think what you are describing is just protocol feature negotiation and
so it does not need a special term. We don't talk about opportunistic
cipher suites, for example.

Tony.
-- 
f.anthony.n.finch  <dot@dotat.at>  http://dotat.at/
Fair Isle: Southwesterly veering westerly 5 to 7, but 4 at first in southeast,
perhaps gale 8 later in west. Moderate or rough, occasionally very rough in
northwest. Rain later. Moderate or good.