[Ach] [cryptography] Better Crypto

ianG iang at iang.org
Tue Jan 7 11:55:43 CET 2014


On 7/01/14 13:18 PM, L. Aaron Kaplan wrote:

> None of this is perfect yet of course. One of the very productive feedback results was that we should make an HTML version.

A wiki...  I would say.

>    1. We will have three config options: cipher String A, B, C (generic safe config, maximum interoperability (== this also makes the mozilla people happy then) and finally a super-hardened setting (with reduced compatibility)).
> Admins will get a choice and explanations on when to use which option.


You could call them:

Suite A:  maximum security, super hard
Suite B:  general safe
Suite C:  maximum compatibility

;)  or if you're worried about being sued for trademark violation, how 
abouts:

Sweet A,
Bravo B,
Crazy C!

It would be nice if, typographically, we could see them on the page in 
some easy fashion.  Like, A at left, B in middle, C at right, in 
consistent columns.  Or in colours.

That way, a sysadm could implement things in C easily, then move from 
right to left and try things out.

Of course, this is only icing on the cake.  If it can do B above, 
general safe, then that is really a step forward for the world.


>    2. (time-wise) first we focus on some of the weak spots in the guide like the ssh config (client config is missing...), the theory section etc.
>    3. we give people a config generator tool on the webpage which gives them snippets which they can include into their webservers, mailservers etc. The tool also shows admins (color codes?) which settings are compatible, unsafe etc.
>    4. In addition to having the config generator on the web page, the config snippets are moved to the appendix (as you suggested). The theory section moves up.


I think the config cut&paste sections are what is important.  As Peter 
mentioned.  I'd flip that around:

Config sections are the bulk.  References to theory found in the 
Appendix, frequent tips that you'll enjoy some theory too.

It's an advice guide, not a schoolbook.


> Would that be more in your line of thinking?
>
>
> Anyway, we will have an authors' meeting today at ~ 19:00 CET and can discuss this.
> Anyone who wants to join via teleconference: please get in contact with me. We will arrange for remote participation.

Good luck.  I'm missing out on all the fun.  Again!


iang


