Re: [ietf-privacy] "Opportunistic encryption" and a need for a definition

Stephane Bortzmeyer <bortzmeyer@nic.fr> Tue, 19 November 2013 10:29 UTC

Date: Tue, 19 Nov 2013 11:28:21 +0100
From: Stephane Bortzmeyer <bortzmeyer@nic.fr>
To: Eliot Lear <lear@cisco.com>
Message-ID: <20131119102821.GA17434@nic.fr>
References: <20131119093343.GA9282@nic.fr> <528B31B4.5050005@cisco.com> <20131119094626.GA11078@nic.fr> <528B3790.2020302@cs.tcd.ie> <20131119100653.GA14012@nic.fr> <528B3C72.10604@cisco.com>
In-Reply-To: <528B3C72.10604@cisco.com>
Cc: ietf-privacy@ietf.org
Subject: Re: [ietf-privacy] "Opportunistic encryption" and a need for a definition
List-Id: Internet Privacy Discussion List <ietf-privacy.ietf.org>

On Tue, Nov 19, 2013 at 11:24:50AM +0100,
 Eliot Lear <lear@cisco.com> wrote 
 a message of 20 lines which said:

> OE may have other very valid uses 

The problem is not with the concept, it is with the
words. "opportunistic encryption" is used in many places but poorly
defined and many fights erupt because people do not actually
understand the same thing when they hear "opportunistic encryption".

What I suggest is to stop using this term and instead say:

1) "Encryption on demand": encryption without a peer-specific
arrangement. This is the meaning used in RFC 4322. Can be safe.

2) "Encryption without authentication". This is the meaning used in RFC
5386. Safe only against a purely passive attacker.

3) "Encryption with a fallback" (to unencrypted mode). This is the
Wikipedia definition. Certainly unsafe.
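The safety claims attached to senses 2 and 3 above (unauthenticated encryption holds only against a passive attacker; a cleartext fallback holds against nobody) can be checked in a toy model. The following is an added example written for this archive page, not code from the thread or from any of the RFCs cited; it models a STARTTLS-style exchange with an unauthenticated Diffie-Hellman handshake over a wire the attacker controls. The group (P = 2^127 - 1, G = 3), the XOR stream "cipher" and the three attacker modes are all constructed for the example and are not usable cryptography. Sense 1 (no per-peer arrangement) is a deployment property and is not modeled.

```python
"""Toy model: unauthenticated encryption vs. encryption with a cleartext fallback.

Constructed example. The DH group and the XOR keystream are illustrative only.
"""
import hashlib
import secrets

# Toy DH group: 2**127 - 1 is prime, but this size is far too small for real use.
P = 2**127 - 1
G = 3


def dh_keypair():
    """Return (private, public) for the toy group."""
    x = secrets.randbelow(P - 2) + 1
    return x, pow(G, x, P)


def derive_key(shared: int) -> bytes:
    # shared < P < 2**127, so it always fits in 16 bytes.
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()


def xor_crypt(key: bytes, data: bytes) -> bytes:
    """Toy stream 'cipher': XOR with a SHA-256 keystream. Not a real cipher."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def run_session(message: bytes, attacker: str, client_requires_tls: bool) -> dict:
    """Client sends `message` to server across a wire the attacker controls.

    attacker: "passive" (records bytes only),
              "strip"   (active: deletes the server's STARTTLS capability),
              "mitm"    (active: substitutes its own DH keys in the handshake).
    client_requires_tls: False = sense 3 (fall back to cleartext),
                         True  = refuse to send without encryption.
    Returns delivered (server got the plaintext) and leaked (attacker got it).
    """
    server_caps = {"STARTTLS"}
    # Step 1: capability advertisement crosses the wire; an active attacker edits it.
    caps_seen = set(server_caps)
    if attacker == "strip":
        caps_seen.discard("STARTTLS")

    if "STARTTLS" not in caps_seen:
        if client_requires_tls:
            return {"delivered": False, "leaked": False}
        # Sense 3: encryption with a fallback. Client sends cleartext.
        return {"delivered": True, "leaked": True}

    # Step 2: sense 2, unauthenticated DH. Nothing binds a public value to a peer.
    c_priv, c_pub = dh_keypair()
    s_priv, s_pub = dh_keypair()

    if attacker == "mitm":
        # Attacker runs one DH with each side and relays between the two keys.
        a1_priv, a1_pub = dh_keypair()   # shown to the client as "the server"
        a2_priv, a2_pub = dh_keypair()   # shown to the server as "the client"
        client_key = derive_key(pow(a1_pub, c_priv, P))
        server_key = derive_key(pow(a2_pub, s_priv, P))
        att_key_client = derive_key(pow(c_pub, a1_priv, P))
        att_key_server = derive_key(pow(s_pub, a2_priv, P))
        ct = xor_crypt(client_key, message)
        plain = xor_crypt(att_key_client, ct)            # attacker decrypts ...
        relayed = xor_crypt(att_key_server, plain)       # ... and re-encrypts
        server_got = xor_crypt(server_key, relayed)
        return {"delivered": server_got == message, "leaked": plain == message}

    # Passive attacker: honest public values cross the wire, it only records ct.
    client_key = derive_key(pow(s_pub, c_priv, P))
    server_key = derive_key(pow(c_pub, s_priv, P))
    ct = xor_crypt(client_key, message)
    server_got = xor_crypt(server_key, ct)
    return {"delivered": server_got == message, "leaked": ct == message}


if __name__ == "__main__":
    for mode, strict in [("passive", False), ("mitm", False),
                         ("strip", False), ("strip", True)]:
        print(mode, "require_tls=%s" % strict, run_session(b"hello", mode, strict))
```

The four runs map onto the definitions in the message: unauthenticated encryption delivers the message and leaks nothing to a passive recorder, but an active attacker who substitutes DH values reads everything; with a cleartext fallback the attacker does not even need to touch the handshake, stripping the capability is enough; only a client that refuses to fall back keeps the message private, at the cost of not sending it at all.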