[Long quiet time on this list, time to resume discussions.] In draft-cooper-ietf-privacy-requirements-01, I find:
"Opportunistic encryption" is defined as encryption without any pre- arrangement specific to the pair of systems involved (e.g., by using a Diffie-Hellman exchange). See [RFC4322]. I find this definition confusing (specially the reference to DH) because it does not match the rest of the text which says: Where both opportunistic and one-sided or mutually authenticated encryption are specified, protocols MUST also protect against downgrade attacks so that scenarios where authentication is required cannot easily be manipulated into using opportunistic encryption which will often be subject to man-in-the-middle attacks. The second paragraph seems to use OE as meaning "encryption without authentication" (which is indeed vulnerable to man-in-the-middle attacks). This is also how "opportunistic" is used in RFC 5386. The first paragraph (and RFC 4322) have a different meaning, OE being "encryption without peer-specific setup" (and therefore being authenticated, and not vulnerable to man-in-the-middle attacks). The discussions in Vancouver were very confused as well. Everyone was talking about OE but with a different definition in mind. I strongly suggest that we need either to have one definition and to stick with it (the current draft is self-contradictory). Or to give in and to stop using the term OE, poorly defined, and too loaded. Do not that Wikipedia has a third definition of OE (encryption with a fallback to an unencrypted mode) http://en.wikipedia.org/wiki/Opportunistic_encryption _______________________________________________ ietf-privacy mailing list [email protected] https://www.ietf.org/mailman/listinfo/ietf-privacy
