Hop-to-hop security
mechanisms may be susceptible to downgrade attacks (e.g., STARTTLS-
secured SMTP has been downgraded by intermediate network nodes [WaPo-
STARTTLS]) in which case end-to-end mechanisms are advised.
It appears in a discussion about the role of hop-by-hop security. A valuable discussion.
However, it appears to make a statement about hop-by-hop security that is inherently false. This is a failing with the actors in the system not having an expectation that security is used. They are willing to accept unsecured communication. As such, it's a statement about opportunistic security.
This is a statement that more rightly belongs in the section on unauthenticated encryption (which might be better repurposed to discussion opportunistic security in that case, see #23).
If there is a statement to be made here, it is that downgrade in a hop-by-hop system is inherently harder to a) retrofit, and b) detect. Since the status of hops that an actor doesn't participate in is unknowable, only systems that insist on end-to-end security actually get any verifiable guarantees.
This statement is misleading:
It appears in a discussion about the role of hop-by-hop security. A valuable discussion.
However, it appears to make a statement about hop-by-hop security that is inherently false. This is a failing with the actors in the system not having an expectation that security is used. They are willing to accept unsecured communication. As such, it's a statement about opportunistic security.
This is a statement that more rightly belongs in the section on unauthenticated encryption (which might be better repurposed to discussion opportunistic security in that case, see #23).
If there is a statement to be made here, it is that downgrade in a hop-by-hop system is inherently harder to a) retrofit, and b) detect. Since the status of hops that an actor doesn't participate in is unknowable, only systems that insist on end-to-end security actually get any verifiable guarantees.