[Cryptography] IAB Statement on Internet Confidentiality
leichter at lrw.com
Mon Nov 17 14:57:31 EST 2014
On Nov 17, 2014, at 4:00 AM, ianG <iang at iang.org> wrote:
>> 2. You can't just encrypt/authenticate without dealing with key
>> management, which adds more complexity and state to a protocol and
>> supporting software.
> The approach is opportunistic. E.g., for TCP, do a key exchange startup using the optional extensions capability. If that works, use it for packets; if it doesn't, back off to unencrypted.
Given our recent experience with STARTTLS rollback by at least one ISP ... do we still feel so good about opportunistic encryption, at least defined in this way?
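
Added example (not part of the original message): a minimal Python model of the fallback decision discussed above, applied to SMTP STARTTLS. It contrasts pure opportunistic fallback with a client that remembers which hosts offered STARTTLS before and refuses to drop to plaintext. The host name, the EHLO replies and the TlsMemory helper are constructed for illustration.

```python
# Added example: client-side fallback policy for opportunistic STARTTLS.
# Both EHLO replies are constructed sample data, not captures.

EHLO_WITH_TLS = ("250-mx.example.net\r\n250-SIZE 35882577\r\n"
                 "250-STARTTLS\r\n250 8BITMIME\r\n")
# The same server's reply as the client sees it when the STARTTLS line
# has been removed in transit.
EHLO_STRIPPED = ("250-mx.example.net\r\n250-SIZE 35882577\r\n"
                 "250 8BITMIME\r\n")


def parse_ehlo(reply):
    """Return the set of extension keywords in a multi-line 250 EHLO reply."""
    caps = set()
    lines = [l for l in reply.split("\r\n") if l]
    for line in lines[1:]:  # the first line carries the server's domain
        if len(line) < 4 or line[:3] != "250" or line[3] not in "- ":
            raise ValueError("malformed EHLO line: %r" % line)
        words = line[4:].split()
        if words:
            caps.add(words[0].upper())
    return caps


class TlsMemory:
    """Remembers hosts that have offered STARTTLS (hypothetical helper)."""

    def __init__(self):
        self.seen_tls = set()

    def decide(self, host, reply, pure_opportunistic=False):
        """Return 'encrypt', 'plaintext' or 'refuse-downgrade'."""
        if "STARTTLS" in parse_ehlo(reply):
            self.seen_tls.add(host)
            return "encrypt"
        if host in self.seen_tls and not pure_opportunistic:
            # The host offered TLS earlier and now does not: treat the
            # missing keyword as a rollback instead of falling back.
            return "refuse-downgrade"
        # Pure opportunistic behaviour: silently continue unencrypted.
        return "plaintext"
```

A host whose STARTTLS line is already missing on first contact still gets "plaintext"; the memory only catches a rollback after one clean session.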