potential new IETF WG on anonymous IPSec

Sam Hartman hartmans at mit.edu
Mon Sep 13 14:41:21 EDT 2004


>>>>> "Tim" == Tim Shepard <shep at alum.mit.edu> writes:

    Tim> Sam said:

    >> No.  opportunistic encryption means I have retrieved a key or
    >> cert for the other party, but do not know whether it is
    >> actually the right cert.

    Tim> If the key is retrieved from the other end of a TCP
    Tim> connection (like vanilla ssh works the first time), is that
    Tim> included within the definition of "opportunistic encryption"?

Yes.


Note that for at least one of the uses of anonymous ipsec you
specifically don't want this behavior because you specifically don't
want people to cache keys in an ssh known_hosts style.  For other uses
you would want this behavior.
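
The two behaviours contrasted in this message, as an added example that is not part of the original post: a peer key accepted without verification is either pinned known_hosts-style, so a later change is detected, or never stored at all. The class, function and peer names and the key bytes are constructed for illustration.

```python
import base64
import hashlib
from enum import Enum


class Verdict(Enum):
    FIRST_USE = "first-use"    # key accepted unverified, then pinned
    MATCH = "match"            # same key as the one pinned earlier
    MISMATCH = "mismatch"      # differs from the pinned key: caller should refuse
    UNVERIFIED = "unverified"  # key accepted, nothing remembered


def fingerprint(public_key):
    """SHA-256 fingerprint of the raw key bytes, base64 without padding."""
    digest = hashlib.sha256(public_key).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


class PeerKeyPolicy:
    """Hypothetical policy object; cache_keys=True is the known_hosts style."""

    def __init__(self, cache_keys):
        self.cache_keys = cache_keys
        self.pinned = {}  # peer name -> fingerprint seen on first contact

    def check(self, peer, public_key):
        if not self.cache_keys:
            # No memory: every contact is as unauthenticated as the first one.
            return Verdict.UNVERIFIED
        fp = fingerprint(public_key)
        known = self.pinned.get(peer)
        if known is None:
            self.pinned[peer] = fp  # trust on first use
            return Verdict.FIRST_USE
        return Verdict.MATCH if known == fp else Verdict.MISMATCH


# Constructed sample input: the same peer presents key A twice, then key B.
KEY_A = b"constructed-public-key-A"
KEY_B = b"constructed-public-key-B"
CONTACTS = [("peer.example", KEY_A), ("peer.example", KEY_A), ("peer.example", KEY_B)]


def demo():
    caching, stateless = PeerKeyPolicy(True), PeerKeyPolicy(False)
    cached = [caching.check(p, k).value for p, k in CONTACTS]
    uncached = [stateless.check(p, k).value for p, k in CONTACTS]
    return cached, uncached, len(stateless.pinned)
```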


---------------------------------------------------------------------
The Cryptography Mailing List