[Ach] Improving Applied Crypto Hardening Draft

Manuel Kraus ach at lsd.is
Fri Jan 10 14:32:24 CET 2014


On Fri, 10 Jan 2014 11:22:26 +0100
Axel Hübl <axel.huebl at web.de> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
> 
> Hi,
> On 10.01.2014 09:42, Manuel Kraus wrote:
> 
> > a) Page 55
> > 
> > Key Exchange Table
> > 
> > - What is EECDH? Maybe you mean ECDHE instead?
> 
> They are synonyms.
> One should state that since the theory section always talks about
> "ECDHE" but the actual cypher is EECDH.
> 
> One first attempt to improve this for the Apache config was done in #33
>   https://github.com/BetterCrypto/Applied-Crypto-Hardening/pull/33
> 
> but that problem occurs on other sections, too.
> 
> Cheers
> Axel

Thanks for the clarification!

Well, the naming scheme seems to be quite inconsistent anyways. DHE vs. EDH, for example, meaning the same.

But I'd like to recommend to strictly use the common crypto stack given acronyms, instead of putting new ones in. Since this draft is targeted at system administrators, other naming variants are uselessly confusing (it has confused me already). For me it is the openssl package, which rules, so I would vote for "ECDHE" in this case. Well, unless it isn't named something else in other valid crypto stacks... or the guys around openssl change it. :-P

Manuel

-- 
Linux® System Dienste
http://lsd.is
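
Added example, not part of the original message or of the Applied Crypto Hardening draft: a check that the keyword pairs discussed above (EECDH/ECDHE and EDH/DHE) expand to the same cipher suites in the OpenSSL build linked into the local Python. It assumes Python 3.6+ and an OpenSSL that accepts all four keywords; the function names are hypothetical.

```python
import ssl

# Keyword pairs named in the thread; each pair is said to mean the same thing.
ALIAS_PAIRS = [("EECDH", "ECDHE"), ("EDH", "DHE")]


def expand(cipher_string):
    """Ordered suite names the linked OpenSSL selects for cipher_string.

    TLS 1.3 suites are dropped: OpenSSL configures them separately, so they
    show up no matter which keyword is given and would hide differences.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing matches
    return [c["name"] for c in ctx.get_ciphers()
            if c.get("protocol") != "TLSv1.3"]


def alias_differences(pairs=ALIAS_PAIRS):
    """Map each pair to the suites selected by only one of its keywords.

    An empty list means both keywords select the same set of suites.
    """
    report = {}
    for first, second in pairs:
        only_one = set(expand(first)) ^ set(expand(second))
        report[(first, second)] = sorted(only_one)
    return report


def same_order(first, second):
    """True if both keywords yield the same suites in the same preference order."""
    return expand(first) == expand(second)


if __name__ == "__main__":
    print("linked against:", ssl.OPENSSL_VERSION)
    for pair, diff in alias_differences().items():
        status = "synonyms" if not diff else "differ: " + ", ".join(diff)
        print("{} vs {}: {}".format(pair[0], pair[1], status))
```

Running the same comparison against the cipher string from a server config shows whether renaming a keyword in documentation changes what the server actually offers.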


