[Ach] few suggestions: HSTS, code / config snippets

Martin Rublik martin.rublik at gmail.com
Thu Jan 9 12:13:13 CET 2014


Dear all,

I think that Better Crypto project is interesting and it is going to be a
valuable resource.

I've had a little discussion on improvements in the project with Aaron yesterday
and he suggested to post the thoughts here for discussion.

1. HSTS and HTTPS redirects
---------------------------
I quickly skimmed through the document and saw no explanation of HSTS / HTTPS
redirects. I think it would be nice to add a short explanation of HSTS before
recommending.

Especially it would be nice to point out that one should avoid HSTS for OCSP and
CRL distribution point URIs.

I guess the topic on HSTS / HTTPS redirects would fit in theory part along with
a little explanation of SSL/TLS, or at least as a note in references in the
Webservers section. One could cite at least RFC 6797 (at least section 11
https://tools.ietf.org/html/rfc6797#section-11 ) and OWASP
https://www.owasp.org/index.php/HTTP_Strict_Transport_Security


2. code / config snippets
-------------------------
It would be great to have downloadable txt code / config files. The copy/paste
would be much easier. As far as I can see you use listings package. It would be
possible to put the listings in separate files and input them using
\lstinputlisting. One could also publish the listings on a web site and link it
in the document.

I skimmed through the sources and I see a macro @@@CIPHERSTRINGB@@@ in the
listings (there might be more ...). In order to keep the variable Aaron suggested
to use perlify script. This way we could have a text listing (that could be fed
to lstinputlisting and published on a page) and still use the variable in source.

Finally, I have some knowledge with MS technologies, so I might help with IIS at
least as a reviewer or as a contributor. Looking forward.


Best regards

Martin Rublik


-- 

http://sk.linkedin.com/in/mrublik
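Added example, not part of the original mail or the Better Crypto project: a small Python check for the HSTS caveat raised in point 1. It parses a Strict-Transport-Security header following the directive rules of RFC 6797 section 6.1 and then flags http:// OCSP / CRL distribution point URIs whose host falls under an HSTS policy (exact host, or a subdomain when includeSubDomains is set), since a user agent holding such a policy rewrites those fetches to https. The host names, headers and URIs are constructed sample data.

```python
from urllib.parse import urlsplit


def parse_hsts(header):
    """Parse an STS header value per RFC 6797 section 6.1.

    Returns a dict with an int 'max-age' and a bool 'includesubdomains',
    or None when a conforming UA would ignore the header entirely
    (missing or non-numeric max-age, or a directive given twice).
    """
    directives = {}
    for part in header.split(";"):
        part = part.strip()
        if not part:                      # empty directive from a trailing ';'
            continue
        name, _, value = part.partition("=")
        name = name.strip().lower()       # directive names are case-insensitive
        value = value.strip().strip('"')  # value may be a quoted-string
        if name in directives:
            return None                   # duplicate directive: header is invalid
        directives[name] = value
    if "max-age" not in directives or not directives["max-age"].isdigit():
        return None
    directives["max-age"] = int(directives["max-age"])
    directives["includesubdomains"] = "includesubdomains" in directives
    return directives


def hsts_covers(policy, policy_host, target_host):
    """Host matching per RFC 6797 section 8.2: exact match, or superdomain match."""
    if target_host == policy_host:
        return True
    return policy["includesubdomains"] and target_host.endswith("." + policy_host)


def revocation_uris_under_hsts(hsts_hosts, revocation_uris):
    """Return the http:// revocation URIs that an active HSTS policy would upgrade."""
    flagged = []
    for uri in revocation_uris:
        parts = urlsplit(uri)
        if parts.scheme != "http":
            continue
        for host, header in hsts_hosts.items():
            policy = parse_hsts(header)
            if policy and policy["max-age"] > 0 and hsts_covers(policy, host, parts.hostname):
                flagged.append(uri)
                break
    return flagged


# Constructed sample: HSTS headers seen on two hosts, and the AIA / CDP URIs
# found in a certificate issued under them.
SAMPLE_HSTS = {"example.com": "max-age=31536000; includeSubDomains",
               "pki.example.org": "max-age=31536000"}
SAMPLE_REVOCATION_URIS = ["http://ocsp.example.com/",       # covered via includeSubDomains
                          "http://crl.example.org/ca.crl",  # sibling host, not covered
                          "http://pki.example.org/ocsp"]    # covered, exact host match
```

Run `revocation_uris_under_hsts(SAMPLE_HSTS, SAMPLE_REVOCATION_URIS)` to see which revocation URIs the sample policies would affect.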