[dane] Need better opportunistic terminology
Phillip Hallam-Baker <hallam@gmail.com> Thu, 06 March 2014 09:23 UTC
Return-Path: <hallam@gmail.com>
X-Original-To: dane@ietfa.amsl.com
Delivered-To: dane@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0FADB1A0178; Thu, 6 Mar 2014 01:23:31 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iw7TOtBtsx-y; Thu, 6 Mar 2014 01:23:28 -0800 (PST)
Received: from mail-la0-x230.google.com (mail-la0-x230.google.com [IPv6:2a00:1450:4010:c03::230]) by ietfa.amsl.com (Postfix) with ESMTP id 871231A0189; Thu, 6 Mar 2014 01:23:27 -0800 (PST)
Received: by mail-la0-f48.google.com with SMTP id gf5so1549770lab.35 for <multiple recipients>; Thu, 06 Mar 2014 01:23:23 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:date:message-id:subject:from:to:content-type; bh=jFbYMBmDPSk/cZ2XQuBNbkpCX4E57uDJDRQ0ZYPC88Q=; b=LjYHQAuhDtE88s5DeVyawSu4O25lb5me/WBHvSSw5FTT4YM7M6/9ATqWVs7tty5DnO EPcmFKzGcolFSH2OXNdHT/SnklAr+MQZYRt5Nlg6VzmCCcM3XnlxKZjEGSQIq7+upObo 0jI8LXkNC2HhJ/9+XgcZ+NGno7BMRT2O7rygNe3ZDPlP3zYkMwV9o5NB17aOOEXfYXzZ W6FuyNHdhqgVQk3f1iPd5yVv8ryVsXFDNyAVXjh/Y0l5DexTV1dxB27Fg8cc3o1vKKzZ 4nYeOOob9zJ8zJtihCky4S58uqItJWb8tA6eyMKYLio1N59WgP/sIM7hG5W6wxUJkDtb nWuA==
MIME-Version: 1.0
X-Received: by 10.112.161.133 with SMTP id xs5mr723319lbb.51.1394097803060; Thu, 06 Mar 2014 01:23:23 -0800 (PST)
Received: by 10.112.37.168 with HTTP; Thu, 6 Mar 2014 01:23:23 -0800 (PST)
Date: Thu, 06 Mar 2014 09:23:23 +0000
Message-ID: <CAMm+LwjF9To+w3K4RR=72BbLNE2hJa9CibWOEARYmODiuFNu9g@mail.gmail.com>
From: Phillip Hallam-Baker <hallam@gmail.com>
To: "saag@ietf.org" <saag@ietf.org>, "dane@ietf.org" <dane@ietf.org>
Content-Type: multipart/alternative; boundary="001a11c3c042556c1004f3ecb03d"
Archived-At: http://mailarchive.ietf.org/arch/msg/dane/wTsD-e1S-2-_ufP6NfNXyfj_rzk
Subject: [dane] Need better opportunistic terminology
X-BeenThere: dane@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DNS-based Authentication of Named Entities <dane.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dane>, <mailto:dane-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dane/>
List-Post: <mailto:dane@ietf.org>
List-Help: <mailto:dane-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dane>, <mailto:dane-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 06 Mar 2014 09:23:31 -0000
The term opportunistic has become the new synonym for 'Good' but it is being used for many different things. A) Unauthenticated key exchange B) Upgrade from plaintext to encrypted without controlling security policy requiring use of encryption. C) Silent-fail on bad credentials D) Silent-success on bad credentials There are arguments for all of these but I am just watching a presentation on 'opportunistic encryption' in DANE and I think the term is selling DANE short. DNS is an authoritative path for statements about DNS labels. Ergo authenticated DNS RRs are authenticated statements about them. DANE provides authenticated statements about security policy and keys. Ergo DANE cannot support opportunistic encryption because it is policy directed encryption (i.e. better). -- Website: http://hallambaker.com/
- Re: [dane] Need better opportunistic terminology Viktor Dukhovni
- [dane] Need better opportunistic terminology Phillip Hallam-Baker
- Re: [dane] [saag] Need better opportunistic termi… Joe Touch
- Re: [dane] Need better opportunistic terminology Viktor Dukhovni
- Re: [dane] Need better opportunistic terminology Michael Richardson
- Re: [dane] Need better opportunistic terminology Viktor Dukhovni
- Re: [dane] [saag] Need better opportunistic termi… Stephen Kent
- Re: [dane] [saag] Need better opportunistic termi… Joe Touch
- Re: [dane] [saag] Need better opportunistic termi… Joe Touch
- Re: [dane] [saag] Need better opportunistic termi… Michael Richardson
- Re: [dane] [saag] Need better opportunistic termi… Peter Palfrader
- Re: [dane] [saag] Need better opportunistic termi… Tony Finch
- Re: [dane] [saag] Need better opportunistic termi… Stephen Farrell
- Re: [dane] [saag] Need better opportunistic termi… Paul Lambert
- Re: [dane] [saag] Need better opportunistic termi… Stephen Kent
- Re: [dane] Need better opportunistic terminology Tony Finch
- Re: [dane] [saag] Need better opportunistic termi… Joe Touch
- Re: [dane] [saag] Need better opportunistic termi… Stephen Farrell
- Re: [dane] [saag] Need better opportunistic termi… Nico Williams
- Re: [dane] [saag] Need better opportunistic termi… Joe Touch
- Re: [dane] [saag] Need better opportunistic termi… Joe Touch
- Re: [dane] [saag] Need better opportunistic termi… Michael Richardson
- Re: [dane] [saag] Need better opportunistic termi… Stephen Farrell
- Re: [dane] [saag] Need better opportunistic termi… Michael Richardson
- Re: [dane] [saag] Need better opportunistic termi… Stephen Farrell
- Re: [dane] [saag] Need better opportunistic termi… Stephen Kent
- Re: [dane] [saag] Need better opportunistic termi… Stephen Kent
- Re: [dane] [saag] Need better opportunistic termi… Joe Touch
- Re: [dane] [saag] Need better opportunistic termi… Viktor Dukhovni
- Re: [dane] [saag] Need better opportunistic termi… Phillip Hallam-Baker
- Re: [dane] [saag] Need better opportunistic termi… Derek Atkins
- Re: [dane] [saag] Need better opportunistic termi… Paul Lambert
- Re: [dane] [saag] Need better opportunistic termi… Derek Atkins
- Re: [dane] [saag] Need better opportunistic termi… Stephen Farrell
- Re: [dane] [saag] Need better opportunistic termi… Nico Williams
- Re: [dane] [saag] Need better opportunistic termi… Olle E. Johansson
- Re: [dane] [saag] Need better opportunistic termi… Tony Finch
- Re: [dane] [saag] Need better opportunistic termi… Joe Touch