
Re: Wes Hardaker: opportunistic encryption deployment problems



On Tue, 7 Aug 2001, Michael Thomas wrote:
> I guess I have to ask a really dumb question. Given the
> likelihood of DNSSEC any time soon, why don't we just
> ignore any pretense of authentication with opportunistic
> encryption and just accept the MITM attack inherent with
> ephemeral DH exchanges?

We thought about that, but decided that some authentication was better
than none, especially since it would upgrade transparently to full
authentication.  It's one thing to accept security loopholes as a
temporary measure, and another to define a protocol that will always have
security loopholes.

> Also: it seems to me that expecting
> a secure DNS isn't actually opportunistic at all: it's
> trying to assert a different source of (sometimes strong) identity...

This basically boils down to what you think "opportunistic" means.  We
don't see it as meaning "will talk to anybody, no setup necessary" but
rather "will talk to anybody who's set up for it".  Some amount of setup
is clearly necessary anyway; we'd have liked to be able to talk to an
IPsec-capable host that's unaware of opportunistic encryption, but it
isn't possible.

                                                          Henry Spencer
                                                       henry@spsystems.net


