[Ach] reviewers
christian mock
cm at coretec.at
Tue Dec 24 17:32:42 CET 2013
One of the people I asked for a review was a bit worried that he
couldn't stand with his name for the sections of the document he
didn't review; he asked to have the reviewed sections listed with the
reviewers, which I thought to be waaaaay too complicated, so I proposed
to put some note in the reviewers section mentioning that they didn't
review everything...
Please check and revert if you don't like it.
From the reviewers I contacted, the following issues are up for
discussion:
* we need a more prominent note that the reader should make sure he's got a
current copy of our document, because "secure" settings may change
any day when a new attack is discovered!
* PKI section; I've rewritten it to include the CA and the Web of
Trust system to be more generic.
* admins might be interested in performance estimates (i.e. "if I turn
on PFS, what is the slowdown?")
* the "MAC" column in the cipher suite tables (3.2.3) and in other
places does actually not contain a MAC, but a hash or a block cipher
mode... this may be nitpicking, but so will be our readers.
* "factoring large primes" (ECC section, f'rex) is wrong, it's about
prime-factoring large numbers, isn't it?
more later,
cm.
--
Christian Mock Wiedner Hauptstr. 15
Senior Security Engineer 1040 Wien
CoreTEC IT Security Solutions GmbH +43-1-5037273
FN 214709 z
.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.
CoreTEC: Web Application Audit - so that something like this doesn't happen!
http://heise.de/-1260559
.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.