Re: Adept Encryption: Was: [saag] DANE should be more prominent (Re: Review of: Opportunistic Security -03 preview for comment)
Stephen Farrell <stephen.farrell@cs.tcd.ie> Thu, 21 August 2014 11:08 UTC
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2D8971A00A8 for <ietf@ietfa.amsl.com>; Thu, 21 Aug 2014 04:08:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.568
X-Spam-Level:
X-Spam-Status: No, score=-2.568 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.668] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZnnTIEL23OSk for <ietf@ietfa.amsl.com>; Thu, 21 Aug 2014 04:08:15 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) by ietfa.amsl.com (Postfix) with ESMTP id E7E3A1A0081 for <ietf@ietf.org>; Thu, 21 Aug 2014 04:08:13 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 15EBFBF14; Thu, 21 Aug 2014 12:08:07 +0100 (IST)
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id e2e9ezbnZSq9; Thu, 21 Aug 2014 12:08:06 +0100 (IST)
Received: from [134.226.36.180] (stephen-think.dsg.cs.tcd.ie [134.226.36.180]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 79F11BF1D; Thu, 21 Aug 2014 12:07:47 +0100 (IST)
Message-ID: <53F5D303.1090400@cs.tcd.ie>
Date: Thu, 21 Aug 2014 12:07:47 +0100
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.0
MIME-Version: 1.0
To: dcrocker@bbiw.net
Subject: Re: Adept Encryption: Was: [saag] DANE should be more prominent (Re: Review of: Opportunistic Security -03 preview for comment)
References: <CAMm+Lwh1xzaxqqnnbdgFQrR0pWknsHru8zjnjCMVjihymXtKNw@mail.gmail.com> <alpine.LFD.2.10.1408202100590.6648@bofh.nohats.ca> <53F548E5.2070208@cs.tcd.ie> <53F54F1C.1060405@dcrocker.net>
In-Reply-To: <53F54F1C.1060405@dcrocker.net>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/eYYYzGcBlN0C4PfEROR5BLBHRXU
Cc: IETF Discussion Mailing List <ietf@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 21 Aug 2014 11:08:24 -0000
Dave, I expect we are not going to agree on this, but that's fine. On 21/08/14 02:45, Dave Crocker wrote: > On 8/20/2014 6:18 PM, Stephen Farrell wrote: >> Personally, I think the probability that we suddenly discover any >> significantly better term is negligible. Not because OS is >> super-good, but rather because nothing is super-good. And >> good-enough should be good-enough here. > > While there has been repeated, quick dismissal of alternative terms, I > don't recall seeing a careful consideration of candidates, with a clear > explanation for the choice(s) made, making clear why it is better (or > why its deficiencies are less onerous than those of the alternatives.) That happened on the saag list before the start of IETF LC. There are quite a few substantive threads on it, I think the first goes back on March 6th this year started by PHB. [1] [1] https://www.ietf.org/mail-archive/web/saag/current/msg04604.html So 5 months ago. In my local folder for saag "opportunistic" matches 332 messages starting there, some were offlist though and some messages got put elsewhere so that number is maybe about right. And before you object and again say that any such discussion in not relevant and that I'm quickly dismissing careful consideration and causally waving something away by being readily directive... ...no, I'm not, (despite the piled-on pejorative prose:-) The fact that we had multiple rounds of discussion on saag about a plethora of suggested terms is entirely relevant here and does I believe indicate that no newly suggested term is likely to be much better, nor is any such term likely to garner much better consensus. You are of course entirely free to believe something else but I think the evidence we have is on my side of this argument. > The problems with 'opportunistic' and with 'security', relative to the > actual content of this draft, have been pointed out repeatedly. They > are significant. > > Rather than again casually waving away a suggested alternative, could we > see a summary consideration of choices, please? > > >> In fact, I'd say so its so negligible that attempting to find such >> (yet again, maybe for the 8th time?) is counterproductive. > > This suggests a view that vocabulary choice does not matter all that > much. For an audience of technical insiders, that's probably true. > Provide definitions and those folk will adjust. > > For a wider audience, words carry quite a lot of baggage and so the > choice of terminology matters. > > Confusing adept and adapt is an example of this latter case. > > So is the considerable ambiguity of the word 'security'. > > >> But that doesn't stop folks genuinely trying seemingly, I guess its >> too tempting a windmill at which to tilt;-) > > Here again, Stephen, one would not expect the cognizant AD to be so > readily directive and dismissive of points being raised seriously and by > a range of different contributors. > > The mere fact that there is such a broad and persistent base of concern > with 'opportunistic security' warrants taking the issue far more seriously. Hmmm. I do not see broad concern. I do see persistent expression of concern from you about this being done without sufficient something (care, seriousness, whatever). I also see some folks saying that we should just publish and get it done. That is all in addition to the good and constructive discussion, involving you and others, with which the above is intertwined, so for me at least, its not a big deal really, just some more mail to get through. S. > > > d/ >
- Adept Encryption: Was: [saag] DANE should be more… Phillip Hallam-Baker
- Re: Adept Encryption: Was: [saag] DANE should be … Paul Wouters
- Re: Adept Encryption: Was: [saag] DANE should be … Stephen Farrell
- Re: Adept Encryption: Was: [saag] DANE should be … Nico Williams
- Re: Adept Encryption: Was: [saag] DANE should be … Dave Crocker
- Re: Adept Encryption: Was: [saag] DANE should be … Scott Kitterman
- RE: Adept Encryption: Was: [saag] DANE should be … l.wood
- Re: Adept Encryption: Was: [saag] DANE should be … Stephen Farrell
- Re: Adept Encryption: Was: [saag] DANE should be … Phillip Hallam-Baker
- Re: Adept Encryption: Was: [saag] DANE should be … Stephen Kent
- Re: Adept Encryption: Was: [saag] DANE should be … Viktor Dukhovni
- Re: Adept Encryption: Was: [saag] DANE should be … Viktor Dukhovni
- Re: [saag] Adept Encryption: Was: DANE should be … Nico Williams
- RE: Adept Encryption: Was: [saag] DANE should be … Christian Huitema
- Re: Adept Encryption: Was: [saag] DANE should be … Nico Williams
- RE: Adept Encryption: Was: [saag] DANE should be … l.wood
- Re: [saag]: Review of: Opportunistic Security -03… Viktor Dukhovni
- Re: [saag] Adept Encryption: Was: DANE should be … Nico Williams
- RE: [saag] Adept Encryption: Was: DANE should be … l.wood
- Re: Adept Encryption: Was: [saag] DANE should be … Stephen Farrell
- Re: [saag] Is opportunistic unauthenticated encry… Viktor Dukhovni
- Re: [saag]: Review of: Opportunistic Security -03… Paul Wouters
- Re: [saag] : Review of: Opportunistic Security -0… Stephen Kent
- Re: [saag] Adept Encryption: Was: DANE should be … Stephen Kent
- RE: [saag] Is opportunistic unauthenticated encry… Bernard Aboba
- Re: [saag] Is opportunistic unauthenticated encry… Theodore Ts'o
- RE: [saag] Is opportunistic unauthenticated encry… Christian Huitema
- Re: [saag] Is opportunistic unauthenticated encry… Nico Williams
- RE: [saag] Is opportunistic unauthenticated encry… Bernard Aboba
- Re: [saag] Is opportunistic unauthenticated encry… Stephen Farrell
- RE: [saag] Is opportunistic unauthenticated encry… Bernard Aboba
- Re: [saag] Is opportunistic unauthenticated encry… Viktor Dukhovni
- Re: [saag] Is opportunistic unauthenticated encry… Stephen Farrell
- Re: [saag] Is opportunistic unauthenticated encry… Fernando Gont
- Re: Is traffic analysis really a target (was Re: … Eric Burger
- Re: Is traffic analysis really a target (was Re: … Michael StJohns
- Re: [saag] Is opportunistic unauthenticated encry… Dave Crocker
- Re: Is traffic analysis really a target (was Re: … Brian E Carpenter
- Re: [saag] Is opportunistic unauthenticated encry… joel jaeggli
- Re: [saag] Is opportunistic unauthenticated encry… Fernando Gont
- Re: [saag] Is opportunistic unauthenticated encry… joel jaeggli
- Re: [saag] Is opportunistic unauthenticated encry… Fernando Gont
- Re: Is traffic analysis really a target (was Re: … Mark Andrews
- Re: [saag] Is traffic analysis really a target (w… Henry B (Hank) Hotz, CISSP
- Re: Is traffic analysis really a target (was Re: … Ted Hardie
- RE: [saag] Is opportunistic unauthenticated encry… Hosnieh Rafiee
- Re: Is traffic analysis really a target (was Re: … Brian E Carpenter
- Re: Is traffic analysis really a target (was Re: … Nico Williams
- Re: Is traffic analysis really a target (was Re: … Eric Burger