[Ach] reviewers

christian mock cm at coretec.at
Tue Dec 24 17:32:42 CET 2013


One of the people I asked for a review was a bit worried that he
couldn't stand with his name for the sections of the document he
didn't review; he asked to have the reviewed sections listed with the
reviewers, which I thought to be waaaaay to complicated, so I proposed
to put some note in the reviewers section mentioning that they didn't
review everything...

Please check and revert if you don't like it.

>From the reviewers I contacted, the following issues are up for
discussion:

* we need a more prominent note that the reader should make sure he's got a
  current copy of our document, because "secure" settings may change
  any day when a new attack is discovered!

* PKI section; I've rewritten it to include the CA and the Web of
  Trust system to be more generic.

* admins might be interested in performance estimates (i.e. "if I turn
  on PFS, what is the slowdown?")

* the "MAC" column in the cipher suite tables (3.2.3) and in other
  places does actually not contain a MAC, but a hash or a block cipher
  mode... this may be nitpicking, but so will be our readers.

* "factoring large primes" (ECC section, f'rex) is wrong, it's about
  prime-factoring large numbers, isn't it?


more later,

cm.




-- 
Christian Mock                          Wiedner Hauptstr. 15
Senior Security Engineer                1040 Wien
CoreTEC IT Security Solutions GmbH      +43-1-5037273
FN 214709 z

.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.
CoreTEC: Web Application Audit - Damit so etwas nicht passiert!

http://heise.de/-1260559

.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.



More information about the Ach mailing list