[16159] in cryptography@c2.net mail archive
Re: potential new IETF WG on anonymous IPSec
daemon@ATHENA.MIT.EDU (Hadmut Danisch)
Tue Sep 14 17:48:57 2004
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
From: Hadmut Danisch <hadmut@danisch.de>
Date: Tue, 14 Sep 2004 11:55:41 +0200
To: Sam Hartman <hartmans@mit.edu>
Cc: Tim Shepard <shep@alum.mit.edu>,
"Zooko O'Whielcronx" <zooko@zooko.com>, cryptography@metzdowd.com
In-Reply-To: <tsl7jqyj9ke.fsf@cz.mit.edu>
On Mon, Sep 13, 2004 at 02:41:21PM -0400, Sam Hartman wrote:
>
> >> No. opportunistic encryption means I have retrieved a key or
> >> cert for the other party, but do not know whether it is
> >> actually the right cert.
>
> Tim> If the key is retrieved from the other end of a TCP
> Tim> connection (like vanilla ssh works the first time), is that
> Tim> included within the definition of "opportunistic encryption"?
>
> Yes.
Be careful. I believe that this is not as simple. It depends on
what you use the key for.
If it is used for encryption, then something like "opportunistic
encryption" exists. After all, using an unverified key for encryption
is not yet worse than using no encryption. So even if the key might
be the attacker's one, nothing is lost compared to plain
communication.
But avoiding faked TCP resets is also a matter of authenticity.
Does 'opportunistic authentication' exist?
regards
Hadmut
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
