Re: [dane] [saag] Need better opportunistic terminology

Joe Touch <touch@isi.edu> Tue, 11 March 2014 22:30 UTC

Return-Path: <touch@isi.edu>
X-Original-To: dane@ietfa.amsl.com
Delivered-To: dane@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 744A81A066A; Tue, 11 Mar 2014 15:30:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.447
X-Spam-Level:
X-Spam-Status: No, score=-2.447 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.547] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id u5iyaMw7ZLOl; Tue, 11 Mar 2014 15:30:15 -0700 (PDT)
Received: from darkstar.isi.edu (darkstar.isi.edu [128.9.128.127]) by ietfa.amsl.com (Postfix) with ESMTP id 13E7C1A0834; Tue, 11 Mar 2014 15:30:15 -0700 (PDT)
Received: from [128.9.160.166] (abc.isi.edu [128.9.160.166]) (authenticated bits=0) by darkstar.isi.edu (8.13.8/8.13.8) with ESMTP id s2BMTp7Y024410 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT); Tue, 11 Mar 2014 15:29:52 -0700 (PDT)
Message-ID: <531F8E5F.8030705@isi.edu>
Date: Tue, 11 Mar 2014 15:29:51 -0700
From: Joe Touch <touch@isi.edu>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.3.0
MIME-Version: 1.0
To: Stephen Kent <kent@bbn.com>, dane@ietf.org, saag <saag@ietf.org>
References: <CAMm+LwjF9To+w3K4RR=72BbLNE2hJa9CibWOEARYmODiuFNu9g@mail.gmail.com> <082D04F9-DBB4-4492-BE91-C4E3616AC24D@isi.edu> <531F85D5.2070209@bbn.com> <531F8A53.1040103@isi.edu>
In-Reply-To: <531F8A53.1040103@isi.edu>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-ISI-4-43-8-MailScanner: Found to be clean
X-MailScanner-From: touch@isi.edu
Archived-At: http://mailarchive.ietf.org/arch/msg/dane/nEH4-pO15ZRFYF5hnUIOni2MYBs
Subject: Re: [dane] [saag] Need better opportunistic terminology
X-BeenThere: dane@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DNS-based Authentication of Named Entities <dane.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dane>, <mailto:dane-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dane/>
List-Post: <mailto:dane@ietf.org>
List-Help: <mailto:dane-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dane>, <mailto:dane-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 11 Mar 2014 22:30:16 -0000

On 3/11/2014 3:12 PM, Joe Touch wrote:
> Hi, Steve,
....
>> I have
>> suggested "opportunistic keying" as a preferred term, since its the
>> key management, not the encryption per se, that distinguishes other
>> proposed modes of operation for IPsec, TLS, etc.
>
> I agree if you're replacing OE with OK ;-)

One clarification: I don't see the use of unauthenticated keying as 
opportunistic in any sense of the word.

Opportunistic would mean making an assumption that might be wrong, but 
when it's right it saves time/effort.

There's no savings here; by using unauthenticated key exchange, you're 
really just lowering the bar.

That said, I don't like the term "anonymous encryption" because it 
implies identity hiding, which isn't the purpose either.

Why not just use the term "unauthenticated encryption", when that's 
exactly what's happening?

Joe