Joe St Sauver joe at oregon.uoregon.edu
Sun Jan 12 18:48:22 CET 2014


Ahmad Bilal <ahmadbilal200854 at gmail.com> commented:

#Yes, there should be a tutorial about starting to work with SSL, something
#very very easy to understand. It could be a guideline type of thing about
#what to expect. And should assume, that the very basic words related to
#certificates are jargon to the intended reader.
#- Basic explanation of what a certificate does
#- Some alternatives, pro/cons of certificates
#- A few established providers, who are industry reviewed.
#- A general process of what the minimum things are that should happen (should
#be based upon experience with the established players) etc. A general
#flowchart (graph)
#The point is, most SysAdmins don't know which point exactly they are
#missing in this vast field, there is trust at stake, security of more than
#a handful of users is at stake, so a SysAdmin should be spoon-fed everything
#all over again. I know that sounds a bit excessive, but my main point is
#that there is a lot of noise, around this topic, that is the main
#bottleneck for many like me.

Back in the fall of 2011, I did a talk for the Internet2 Member Meeting
entitled "SSL/TLS Certificates: Giving Your Use of Server Certificates a
Hard Look," see http://pages.uoregon.edu/joe/hardlook/hard-look.pdf [or

In that talk I did NOT take the same emphasis that the ACH project has,
e.g., at that point TLS1.2 wasn't available for OpenSSL, and I didn't 
dwell on cipher suite choice, just to mention two of many things that
are different now, but I did provide more background/context for the 
SSL/TLS role, which sounds like what you may be looking for, Ahmad.

If any of that talk would be helpful to update and include, I'd be happy
to have that happen (all I ask is that any section/sections you choose
to use get attributed/cited).

But I certainly "get it" if the ACH project wants to keep the current
document as focused and svelte as possible, too.



