
Thoughts on Opportunistic Encryption - hnews_poly
http://darkdepths.net/thoughts-on-opportunistic-encryption.html
======
rakoo
> Opportunistic encryption, or OE for short, essentially means "try to encrypt
> it, don't bother if you can't". It also often means "don't bother to check
> the authenticity of the other endpoint."

I was under the impression OE only has the latter meaning, i.e. "Encrypt all the
time, check authenticity if it's easy otherwise keep it unchecked but _still_
encrypted". The major idea is that checking authenticity is a hard problem so
instead of trying to solve all problems at once, we do what we can already
reliably do for now, while still acknowledging that the connection isn't
technically secure but has a good chance of being if you want to protect against
passive/poor attackers. That's exactly what "opportunistic" means: in some
cases (and some might say most) not checking authenticity can be good enough,
so we should go with it _at all times_.

The first meaning is just about using advertised capabilities.
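The "encrypted but not necessarily authenticated" distinction above is easiest to see in a key exchange. The following is an added example (not code from the thread or from the linked post) that models an OE-style handshake in plain Python: two endpoints always run a Diffie-Hellman exchange, and each verifies the peer with an HMAC only if it happens to have a pre-shared key. The group parameters `P`/`G`, the `Endpoint` and `handshake` names, the PSK-based check, and the "passive"/"active" attacker roles are all assumptions made for illustration; the 127-bit prime is a toy and not safe for real use.

```python
"""Toy model of opportunistic encryption: always do an unauthenticated
Diffie-Hellman exchange, verify the peer only when a pre-shared key (PSK)
is available. Added example, not from the thread; parameters are a toy."""
import hashlib
import hmac
import secrets

# Toy DH group (assumption): 2**127 - 1 is prime but far too small for real use.
P = 2**127 - 1
G = 5


def dh_keypair():
    priv = secrets.randbelow(P - 3) + 2          # private exponent in [2, P-2]
    return priv, pow(G, priv, P)


def dh_session_key(priv, peer_pub):
    shared = pow(peer_pub, priv, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()


def auth_tag(psk, my_pub, peer_pub):
    # MAC over both public values as *this* side saw them, so a substituted
    # value on either leg changes what the other side expects.
    msg = my_pub.to_bytes(16, "big") + peer_pub.to_bytes(16, "big")
    return hmac.new(psk, msg, hashlib.sha256).digest()


class Endpoint:
    def __init__(self, name, psk=None):
        self.name = name
        self.psk = psk                    # None means "cannot check authenticity"
        self.priv, self.pub = dh_keypair()
        self.key = None
        self.authenticated = False

    def finish(self, peer_pub, peer_tag):
        # Encryption key is derived unconditionally: that is the OE part.
        self.key = dh_session_key(self.priv, peer_pub)
        if self.psk is None:
            self.authenticated = False    # no way to check, proceed anyway
            return
        # Having a PSK, refuse a silent downgrade if the tag is missing.
        if peer_tag is None:
            raise ValueError(f"{self.name}: expected authentication, got none")
        expected = auth_tag(self.psk, peer_pub, self.pub)
        if not hmac.compare_digest(expected, peer_tag):
            raise ValueError(f"{self.name}: peer authentication failed")
        self.authenticated = True


def handshake(alice, bob, attacker=None):
    """Run the exchange. attacker is None, "passive" (only records the
    public values) or "active" (substitutes its own value in both directions).
    Returns a summary dict; raises ValueError if either side aborts."""
    mitm_priv = None
    if attacker == "active":
        mitm_priv, mitm_pub = dh_keypair()
        alice_sees, bob_sees = mitm_pub, mitm_pub
    else:
        alice_sees, bob_sees = bob.pub, alice.pub
    # Each side tags the values it actually saw, but only if it has a PSK.
    alice_tag = auth_tag(alice.psk, alice.pub, alice_sees) if alice.psk else None
    bob_tag = auth_tag(bob.psk, bob.pub, bob_sees) if bob.psk else None
    alice.finish(alice_sees, bob_tag)
    bob.finish(bob_sees, alice_tag)
    if mitm_priv is None:
        # A passive observer holds only public values; with no private
        # exponent it cannot derive the key (discrete log), so it learns nothing.
        attacker_has_key = False
    else:
        attacker_has_key = dh_session_key(mitm_priv, alice.pub) == alice.key
    return {
        "encrypted": True,                                  # always
        "authenticated": alice.authenticated and bob.authenticated,
        "endpoints_agree": alice.key == bob.key,            # same key both ends?
        "attacker_has_key": attacker_has_key,
    }


def detects_mitm(psk):
    """True when PSK-authenticated endpoints abort on an active attacker."""
    try:
        handshake(Endpoint("A", psk), Endpoint("B", psk), attacker="active")
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    for atk in (None, "passive", "active"):
        print("no PSK, attacker =", atk, handshake(Endpoint("A"), Endpoint("B"), atk))
    print("PSK, no attacker:", handshake(Endpoint("A", b"k"), Endpoint("B", b"k")))
    print("PSK, active attacker detected:", detects_mitm(b"k"))
```

The point it makes concrete: without a PSK the two unauthenticated runs against a passive observer still end with a key the observer does not have, while an active attacker ends up holding one key with each side, and neither side can tell. The one design choice worth noting is that an endpoint which does have a PSK treats a missing tag as an error rather than quietly falling back to unauthenticated mode; deciding "can I check authenticity" from local configuration, rather than from what arrives on the wire, is what keeps an active attacker from stripping the check.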

