[Ach] [PATCH 2/2] Fix a few typos.
L. Aaron Kaplan
kaplan at cert.at
Mon Dec 30 10:12:54 CET 2013
Thank you very much Cyril,
I'll look at the patched today afternoon.
On Dec 30, 2013, at 3:51 AM, Cyril Brulebois <kibi at debian.org> wrote:
> ---
> src/abstract.tex | 2 +-
> src/howtoread.tex | 2 +-
> src/practical_settings/im.tex | 2 +-
> src/practical_settings/mailserver.tex | 2 +-
> src/practical_settings/proxy_solutions.tex | 2 +-
> src/practical_settings/vpn.tex | 2 +-
> src/practical_settings/webserver.tex | 4 ++--
> 7 files changed, 8 insertions(+), 8 deletions(-)
>
>
> A few comments:
> - I'm no native speaker.
> - I didn't rebuild the document (yet) due to a flaky connectivity,
> making it hard to install a LaTeX toolchain. Accordingly: please
> double-check the ~ thing in the last hunk.
>
> Sorry about that, and thanks for this nice doc! Now back to 3.2.x...
>
> Mraw,
> KiBi.
>
> diff --git a/src/abstract.tex b/src/abstract.tex
> index 68b5e15..38450ce 100644
> --- a/src/abstract.tex
> +++ b/src/abstract.tex
> @@ -33,7 +33,7 @@ document.
> The focus of this guide is merely to give current \emph{best practices for
> configuring complex cipher suites} and related parameters in a \emph{copy \&
> paste-able manner}. The guide tries to stay as concise as is possible for such
> -a complex topic as cryptography. Naturaly, it can not be complete. Instead,
> +a complex topic as cryptography. Naturally, it can not be complete. Instead,
> there are many excellent guides~\cite{ii2011ecrypt,TR02102} and best
> practice documents available when it comes to cryptography. However none of
> them focuses specifically on what an average system administrator needs for
> diff --git a/src/howtoread.tex b/src/howtoread.tex
> index 64669ac..035c49e 100644
> --- a/src/howtoread.tex
> +++ b/src/howtoread.tex
> @@ -1,6 +1,6 @@
> \section{How to read this guide}
> \label{sec:how-read-this}
> -This guide tries to accommodate two needs: first of all, having a handy reference on how to configure the most common services's crypto settings and second of all, explaining a bit, how to chose your own cipher settings.
> +This guide tries to accommodate two needs: first of all, having a handy reference on how to configure the most common services' crypto settings and second of all, explaining a bit, how to chose your own cipher settings.
>
> System administrators who want to copy \& paste recommendations quickly without spending a lot of time on background reading on cryptography or cryptanalysis can do so, by simply searching for the corresponding section in chapter \ref{chapter:PracticalSettings} (``Practical recommendations''). However, for the quick copy \& paste approach it is important to know that this guide assumes users are happy with \textit{cipher String B} which is the baseline and most compatible recommendation that the authors came up with. \textit{Cipher string B} is described in \ref{section:recommendedciphers}. \textit{Cipher String B} covers the most common use-cases (such as running an e-commerce shop, a private homepage, a mail server, $ \ldots $)
>
> diff --git a/src/practical_settings/im.tex b/src/practical_settings/im.tex
> index de193a1..5a3051a 100644
> --- a/src/practical_settings/im.tex
> +++ b/src/practical_settings/im.tex
> @@ -110,7 +110,7 @@ listen {
> \subsubsection{SILC}
>
> SILC\footnote{\url{http://www.silcnet.org/} and
> -\url{https://en.wikipedia.org/wiki/SILC_(protocol)}} is instant messaging
> +\url{https://en.wikipedia.org/wiki/SILC_(protocol)}} is an instant messaging
> protocol publicly released in 2000. SILC is a per-default secure chat protocol
> thanks to a generalized usage of symmetric encryption. Keys are generated by
> the server meaning that if compromised, communication could be compromised.
> diff --git a/src/practical_settings/mailserver.tex b/src/practical_settings/mailserver.tex
> index 12a023c..7b8a104 100644
> --- a/src/practical_settings/mailserver.tex
> +++ b/src/practical_settings/mailserver.tex
> @@ -278,7 +278,7 @@ interoperability risk, but we have not tested this yet.
>
> You can check the effect of the settings with the following command:
> \begin{lstlisting}[breaklines]
> -$ zegrep "TLS connection established from.*with cipher" | /var/log/mail.log | awk '{printf("%s %s %s %s\n", $12, $13, $14, $15)}' | sort | uniq -c | sort -n
> +$ zegrep "TLS connection established from.*with cipher" /var/log/mail.log | awk '{printf("%s %s %s %s\n", $12, $13, $14, $15)}' | sort | uniq -c | sort -n
> 1 SSLv3 with cipher DHE-RSA-AES256-SHA
> 23 TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384
> 60 TLSv1 with cipher ECDHE-RSA-AES256-SHA
> diff --git a/src/practical_settings/proxy_solutions.tex b/src/practical_settings/proxy_solutions.tex
> index b686232..d7d5155 100644
> --- a/src/practical_settings/proxy_solutions.tex
> +++ b/src/practical_settings/proxy_solutions.tex
> @@ -15,7 +15,7 @@ For encrypted traffic there are four options:
>
> While the latest solution might be the most "up to date", it arises a new front in the context of this paper, because the most secure part of a client's connection could only be within the corporate network, if the proxy-server handles the connection to the destination server in an insecure manner.
>
> -Conclusion: Don't forget to check your proxy solutions SSL-capabilities. Also do so for your reverse proxies!
> +Conclusion: Don't forget to check your proxy solutions' SSL-capabilities. Also do so for your reverse proxies!
>
> \subsubsection{squid}
>
> diff --git a/src/practical_settings/vpn.tex b/src/practical_settings/vpn.tex
> index f325f2a..b18b84e 100644
> --- a/src/practical_settings/vpn.tex
> +++ b/src/practical_settings/vpn.tex
> @@ -175,7 +175,7 @@ Communities can be found in the ``IPSEC VPN'' tab of SmartDashboard.
> \label{fig:checkpoint_1}
> \end{figure}
>
> -Either chose one of the encryption suites in the properties dialog
> +Either choose one of the encryption suites in the properties dialog
> (figure \ref{fig:checkpoint_1}), or proceed to
> ``Custom Encryption...'', where you can set encryption and hash for
> Phase 1 and 2 (figure \ref{fig:checkpoint_2}).
> diff --git a/src/practical_settings/webserver.tex b/src/practical_settings/webserver.tex
> index a173b6f..cd1ce46 100644
> --- a/src/practical_settings/webserver.tex
> +++ b/src/practical_settings/webserver.tex
> @@ -121,7 +121,7 @@ HTTPS is in use.
> The config option \emph{honor-cipher-order} is available since 1.4.30, the
> supported ciphers depend on the used OpenSSL-version (at runtime). ECDH has to
> be available in OpenSSL at compile-time, which should be default. SSL
> -compression should by deactivated by default at compile-time (if not, it's
> +compression should be deactivated by default at compile-time (if not, it's
> active).
>
> Support for other SSL-libraries like GnuTLS will be available in the upcoming
> @@ -154,7 +154,7 @@ See appendix \ref{cha:tools}
> \item 1.4.4 with OpenSSL 1.0.1e on OS X Server 10.8.5
> \item 1.2.1-2.2+wheezy2 with OpenSSL 1.0.1e on Debian Wheezy
> \item 1.4.4 with OpenSSL 1.0.1e on Debian Wheezy
> -\item 1.2.1-2.2~bpo60+2 with OpenSSL 0.9.8o on Debian Squeeze (note that TLSv1.2 does not work in openssl 0.9.8 thus not all ciphers actually work)
> +\item 1.2.1-2.2\~{}bpo60+2 with OpenSSL 0.9.8o on Debian Squeeze (note that TLSv1.2 does not work in openssl 0.9.8 thus not all ciphers actually work)
> \end{itemize}
>
>
> --
> 1.7.10.4
>
> _______________________________________________
> Ach mailing list
> Ach at lists.cert.at
> http://lists.cert.at/cgi-bin/mailman/listinfo/ach
---
// L. Aaron Kaplan <kaplan at cert.at> - T: +43 1 5056416 78
// CERT Austria - http://www.cert.at/
// Eine Initiative der nic.at GmbH - http://www.nic.at/
// Firmenbuchnummer 172568b, LG Salzburg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 163 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.cert.at/pipermail/ach/attachments/20131230/018a3d64/attachment.sig>
More information about the Ach
mailing list