Hi Eliot, Apropos to your suggestion...
What about MTnI (mandatory to not implement) or MTB (mandatory to break)? Public networks and services have been subject to governmental controls on encryption by every country in international law since 1850. Individuals and small groups may be able to skirt the requirements, but not commercial or institutional providers. Seems like a bit of a scaling challenge? --tony Eliot Lear <[email protected]> wrote: >Stephen wrote: > >> I think the path forward is more like making opportunistic >> security mechanisms (in particular confidentiality) more-than-MTI >> in a way that builds in some security (against passive attacks) >> as an inherent feature of new protocols, but also results in >> a far easier transition from there to fully authenticated, >> compared to the massive gap between cleartext and fully >> authenticated. > >Teasing out OE from other potential tasks is a good thing; of that I'm >convinced. Whether it's more than MTI *or even MTI* depends on what >recommendations can be made regarding how to do it. A draft there would >be most welcome (I've heard that some are thinking about doing something >with OTR). > >Eliot >_______________________________________________ >perpass mailing list >[email protected] >https://www.ietf.org/mailman/listinfo/perpass _______________________________________________ perpass mailing list [email protected] https://www.ietf.org/mailman/listinfo/perpass
