Re: [dane] [saag] Need better opportunistic terminology
Michael Richardson <mcr+ietf@sandelman.ca> Wed, 12 March 2014 21:13 UTC
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Date: Wed, 12 Mar 2014 17:13:38 -0400
Archived-At: http://mailarchive.ietf.org/arch/msg/dane/XDJE4Qru7X36QbR01haZG5M2Qdg
Cc: Peter Palfrader <peter@palfrader.org>, saag <saag@ietf.org>, dane@ietf.org

Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote:
> On 03/12/2014 08:47 PM, Michael Richardson wrote:
>> The part that we are all discussing is determining how (much) to
>> trust the DH results.
>
> I don't think that's a very accurate characterisation
> to be honest.
>
> I think the most relevant (but intertwined) factors are:
>
> - trading off ease of deployment vs. endpoint authentication
> - trading off protection against passive vs active attack
> - better separating key exchange from endpoint authentication
>   so that traditional authentication or TOFU or whatever can
>   be used before during or after key exchange

But, you made my point.
While the end user sees the overall benefit is:
    my traffic can not be seen

The problems and challenges that we have are not in how or even when to
apply AES, it's how/when to do the DH.

To the end user, having the word "encryption" in the terminology is useful
because it tells them why they should pay attention to it. To us, it's a
red herring, because it's not where the issue is. You listed the issues.

(BTW: my TLA cache is failing on "TOFU")

--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting for hire =-