On 2004, Sep 11, , at 17:20, Sandy Harris wrote:
Zooko O'Whielcronx wrote:
I believe that in the context of e-mail [1, 2, 3, 4] and FreeSWAN this is called "opportunistic encryption".
That is certainly not what FreeS/WAN meant by "opportunistic encryption".
http://www.freeswan.org/freeswan_trees/freeswan-1.99/doc/ glossary.html#carpediem
That link leads to the following definition: "A situation in which any two IPsec-aware machines can secure their communications, without a pre-shared secret and without a common PKI or previous exchange of public keys. This is one of the goals of the Linux FreeS/WAN project, discussed in our introduction section. Setting up for opportunistic encryption is described in our configuration document."
This definition is indeed consistent with the concept that we are discussing.
If FreeS/WAN's implementation boils down to using DNS as a common PKI that is too bad, but their definition (which explicitly excludes a common PKI) seems to be the same as mine.
This concept is too important to go without a name. Currently the best way to tell your interlocutor what concept you are talking about seems to be "you know, the way SSH does it, with the first-time-unauthenticated public key exchange....". I heartily approve of Peter Gutmann's suggestion to write an RFC for it.
Regards,
Zooko
--------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
