Talk:Opportunistic encryption

Cryptography: Computer science Mid‑importance

	This article is within the scope of WikiProject Cryptography, a collaborative effort to improve the coverage of Cryptography on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.CryptographyWikipedia:WikiProject CryptographyTemplate:WikiProject CryptographyCryptography articles
Mid	This article has been rated as Mid-importance on the importance scale.
	This article is supported by WikiProject Computer science (assessed as Mid-importance).

Computing: Networking / Software / Websites Low‑importance

This article is within the scope of WikiProject Computing, a collaborative effort to improve the coverage of computers, computing, and information technology on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.ComputingWikipedia:WikiProject ComputingTemplate:WikiProject ComputingComputing articles

Low

This article has been rated as Low-importance on the project's importance scale.

This article is supported by Networking task force (assessed as Mid-importance).

This article is supported by WikiProject Software (assessed as Mid-importance).

This article is supported by WikiProject Websites (assessed as Mid-importance).

This article is supported by WikiProject Computer Security (assessed as High-importance).

Things you can help WikiProject Computer Security with:

Article alerts will be generated shortly by AAlertBot. Please allow some days for processing. More information...

Answer question about Same-origin_policy
Review importance and quality of existing articles
Identify categories related to Computer Security
Tag related articles
Identify articles for creation (see also: Article requests)
Identify articles for improvement
Create the Project Navigation Box including lists of adopted articles, requested articles, reviewed articles, etc.
Find editors who have shown interest in this subject and ask them to take a look here.

Thwaite Freemail[edit]

Thawte Freemail seems to no longer be available as of 2009-12-11. See http://www.thawte.com/resources/personal-email-certificates/index.html. "Thawte has discontinued Personal Email Certificates and the Web of Trust (WOT) certification system. For more information, please review our FAQ for the end of life of Web of Trust/Class One. We respect your privacy and encourage you to view our Privacy Statement for more information. Other certificate authorities, such as VeriSign, continue to offer email certificates to digitally sign and encrypt your personal digital communications. " — Preceding unsigned comment added by Dr.glen (talk • contribs)

BTNS[edit]

Opportunistic encryption involves using a key that might be known, and backing off to non-keyed when the key is not known. It has been mistakenly claimed similar to BTNS (Better Than Nothing Security), which is part of the Anonsec (Anonymous Security) framework by Joe Touch of USC/ISI. BTNS uses unsigned Diffie-Hellman exchanges to establish session keys between parties that have no shared keys or key framework. BTNS does not 'back-off'; in contrast to OE, BTNS allows a unsigned key pair to later be signed using in-band exchanges at other protocol layers, using a combination of Channel Binding and Connection Latching. OE has no relation to BTNS. —Preceding unsigned comment added by Jtouch (talk • contribs) 06:01, 19 January 2010 (UTC)[reply]

To the contrary, BTNS is a type of Opportunistic Encryption. Just because it has an additional capability of validating keys does not make the base mode not opportunistic. BTNS's base capability pretty much is the definition of OE, as it encrypts when the receiver is able. — Preceding unsigned comment added by 98.117.222.163 (talk) 00:57, 2 August 2012 (UTC)[reply]

HTTPS is no OE[edit]

The first paragraph of the "website" section is kinda confusing AND outdated.

It is confusing because it lead to believe that https is OE. I'm no expert but https is not right ?

I think the purpose of this introduction was to highlight the fact that https is costly, hard to setup and maintain, thus the need for OE. But since that is not true anymore (let's encrypt : free, easy to setup and maintain) the whole paragraph is irrelevant and is just adding confusion, we should delete it. I don't want to do it on my own, so I'm waiting for your point of view.
MaxLanar (talk) 17:38, 31 August 2017 (UTC)[reply]

Merger proposal (Opportunistic TLS)[edit]

I propose to merge Opportunistic TLS into Opportunistic encryption. They have substantial overlap, and the TLS page has relatively little TLS-specific content and it covers the potential weaknesses in more detail. Gsnedders (talk) 10:56, 20 July 2020 (UTC)[reply]

Agree. The term "opportunistic encryption" also captures the idea of "Opportunistic SSL" which co-existed with "Opportunistic TLS" in the days of SSL.— Preceding unsigned comment added by Anton.bersh (talk • contribs) 19:34, 5 April 2021 (UTC)[reply]

- (not clear on who added this text above)

Oppose The term "opportunistic encryption" covers a wide range of different types of encryption. Using TLS in an opportunistic fashion is just one of the many different forms here. I think that adding the text on Opportunistic TLS into this article would make THIS article far too long. And, for people wanting to understand more about only the opportunistic use of TLS, the separate article is quicker at getting people to the info they want. - Dyork (talk) 01:38, 12 April 2021 (UTC)[reply]

Closing, given the uncontested objection with stale discussion. Klbrain (talk) 14:20, 10 August 2021 (UTC)[reply]