[Ach] [cryptography] Better Crypto

Peter Gutmann pgut001 at cs.auckland.ac.nz
Thu Jan 16 13:13:52 CET 2014

"L. Aaron Kaplan" <kaplan at cert.at> writes:

>So, Peter, how about this approach?

Sorry about the delayed reply, too much other stuff on my plate at the

>1. We will have three config options: cipher String A,B,C ( generic safe
>config, maximum interoperability (== this also makes the mozilla people happy
>then) and finally a super-hardened setting (with reduced compatibility)).
>Admins will get a choice and explanations on when to use which option.

That sounds good.

>3. we give people a config generator tool on the webpage which gives them
>snippets which they can include into their webservers, mailservers etc. The
>tool also shows admins (color codes?) which settings are compatible, unsafe

Now that would be very useful.

>4. In addition to having the config generator on the web page, the config
>snippets are moved to the appendix (as you suggested). The theory section
>moves up.

Yup, good idea.  The single-location-for-config solves the problem of having a
cut&paste of the same (or possibly somewhat out-of-sync when the doc is
updated) text in a dozen or more locations.


More information about the Ach mailing list