Under the lead of Dukhovni (2 sigma), IETF issued an interesting concept: Opportunistic Security (RFC 7435). Currently, communications are either cleartext or authenticated and encrypted. Unfortunately, wide scale deployment of ‘inter-operable’ authentication schemes is difficult. The internet is a good example with hundreds of certification authorities with not all them trustworthy.
With current protocols, if the authentication fails, then either the communication fails or falls back to clear text. Opportunistic security proposes a new approach.
- The default state is clear text.
- If ever encryption is available between peers, then communication uses the encrypted service. This communication is protected against passive attacks, but still vulnerable to active attacks such as man in the middle.
- If ever authentication is also available between peers, then the protocol attempts to authenticate. if successful, it would use encryption with a negotiated session key. This communication is protected against both passive and active attacks. If the authentication fails, then communication falls back to encrypted communication.
The announced concept is that encryption alone, even with deprecated algorithms, is better than clear text. The wide use of encryption would thwart , at least, information collection by sniffing. The claimed purpose is to boost the deployment and use of encryption technologies to prepare the later proper deployment of authenticated protocols.
The idea is interesting. Nevertheless, I believe that a mandatory component would be to indicate clearly to the user in which mode his communication is currently: clear, encrypted, authenticated and encrypted. This would be an indicator of the level of trust associated with the transfer. Unfortunately, the distinction may be difficult for laymen.