[Ach] reviewers

L. Aaron Kaplan kaplan at cert.at
Tue Dec 24 18:42:52 CET 2013


On Dec 24, 2013, at 5:32 PM, christian mock <cm at coretec.at> wrote:

> One of the people I asked for a review was a bit worried that he
> couldn't stand with his name for the sections of the document he
> didn't review; he asked to have the reviewed sections listed with the
> reviewers, which I thought to be waaaaay too complicated, so I proposed
> to put some note in the reviewers section mentioning that they didn't
> review everything...
> 
> Please check and revert if you don't like it.

Makes sense, thanks

> 
> From the reviewers I contacted, the following issues are up for
> discussion:
> 
> * we need a more prominent note that the reader should make sure he's got a
>  current copy of our document, because "secure" settings may change
>  any day when a new attack is discovered!

ACK

> 
> * PKI section; I've rewritten it to include the CA and the Web of
>  Trust system to be more generic.
> 
> * admins might be interested in performance estimates (i.e. "if I turn
>  on PFS, what is the slowdown?")
> 
Good idea

> * the "MAC" column in the cipher suite tables (3.2.3) and in other
>  places does not actually contain a MAC, but a hash or a block cipher
>  mode... this may be nitpicking, but so will be our readers.
> 
> * "factoring large primes" (ECC section, f'rex) is wrong, it's about
>  prime-factoring large numbers, isn't it?
> 
Nice catch :)

> more later,
> 
> cm.
> 
> 
> 
> 
> -- 
> Christian Mock                          Wiedner Hauptstr. 15
> Senior Security Engineer                1040 Wien
> CoreTEC IT Security Solutions GmbH      +43-1-5037273
> FN 214709 z
> 
> .-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.
> CoreTEC: Web Application Audit - So that something like this doesn't happen!
> 
> http://heise.de/-1260559
> 
> .-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.

--- 
// L. Aaron Kaplan <kaplan at cert.at> - T: +43 1 5056416 78
// CERT Austria - http://www.cert.at/
// An initiative of nic.at GmbH - http://www.nic.at/
// Firmenbuchnummer 172568b, LG Salzburg
