[Cryptography] IAB Statement on Internet Confidentiality

ianG iang at iang.org
Mon Nov 17 19:31:44 EST 2014

On 17/11/2014 19:57 pm, Jerry Leichter wrote:
> On Nov 17, 2014, at 4:00 AM, ianG <iang at iang.org> wrote:
>>> 2. You can't just encrypt/authenticate without dealing with key
>>> management, which adds more complexity and state to a protocol and
>>> supporting software.
>> The approach is opportunistic.  Eg., for TCP, do a key exchange startup using the optional extensions capability.  If that works, use it for packets, if it doesn't, back off to unencrypted.
> Given our recent experience with STARTTLS rollback by at least one ISP ... do we still feel so good about opportunistic encryption, at least defined in this way?

Yes, definitely.  Before, we didn't know who the attacker was.  We just 
handed everything over on a plate.

Now he has to attack.  Now we know who the attacker is.  It's a dramatic 
step forward.


More information about the cryptography mailing list