First off, thank you for your efforts on this draft! I have a concern in that the sum of what is presented in the recommendations document basically says that all emerging IETF protocols must require consideration for opportunistic encryption, and that unless this opportunistic encryption is anonymous in nature, the protocol cannot fall back to a non-encrypted state.
I see no discussion on encryption costs, particularly relative to performance. In an analogy, any valid assessment of a cryptographic algorithm includes an analysis of cost relative to the number of cycles needed for its performance. If emerging protocols must include crypto functions, a statement of the cost of the crypto function is needed, at a minimum relative to the non-crypto functions, and of who bears these costs. I am concerned that the exception statement regarding the elimination or severe diminishment of utility is insufficient to prevent the emergence of bloated protocols with little practical value.

I feel that we are suggesting a band-aid approach to applying opportunistic encryption to protocol design. It basically says, build a protocol, add encryption where you can. It does not say that the protection of privacy data from passive surveillance is an inherent design goal for the protocol. I feel it is important that we see this as a philosophical change, and not an onerous, and therefore marginalized, task.

Is a NULL crypto algorithm acceptable, relative to the goals of this BCP? Can implementers get away with performing NULL opportunistic encryption of a protocol that provides it, as opposed to not performing encryption (yes, there is a difference)?

Thank you for your consideration, and I look forward to all queries and replies.

Cheers!

Ed Lopez
_______________________________________________ perpass mailing list [email protected] https://www.ietf.org/mailman/listinfo/perpass
