[Ach] [cryptography] Better Crypto

L. Aaron Kaplan kaplan at cert.at
Thu Jan 16 14:47:54 CET 2014

Hi Peter, hi list,

On Jan 16, 2014, at 1:13 PM, Peter Gutmann <pgut001 at cs.auckland.ac.nz> wrote:

> "L. Aaron Kaplan" <kaplan at cert.at> writes:
>> So, Peter, how about this approach?
> Sorry about the delayed reply, too much other stuff on my plate at the
> moment...
>> 1. We will have three config options: cipher String A,B,C ( generic safe
>> config, maximum interoperability (== this also makes the mozilla people happy
>> then) and finally a super-hardened setting (with reduced compatibility)).
>> Admins will get a choice and explanations on when to use which option.
> That sounds good.

okay. We'll discuss this at the next meeting of co-writers then .

>> 3. we give people a config generator tool on the webpage which gives them
>> snippets which they can include into their webservers, mailservers etc. The
>> tool also shows admins (color codes?) which settings are compatible, unsafe
>> etc.
> Now that would be very useful.

>> 4. In addition to having the config generator on the web page, the config
>> snippets are moved to the appendix (as you suggested). The theory section
>> moves up.
> Yup, good idea.  The single-location-for-config solves the problem of having a
> cut&paste of the same (or possibly somewhat out-of-sync when the doc is
> updated) text in a dozen or more locations.

same comment applies: I'll discuss this with the co-writers. We skipped the meeting the 
last Monday and there are many pull requests and change requests in the queue.
So, we'll have to resume working on the draft version soon.

Thanks very much for your great input and comments!

// L. Aaron Kaplan <kaplan at cert.at> - T: +43 1 5056416 78
// CERT Austria - http://www.cert.at/
// Eine Initiative der nic.at GmbH - http://www.nic.at/
// Firmenbuchnummer 172568b, LG Salzburg

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 163 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.cert.at/pipermail/ach/attachments/20140116/a5f5e27e/attachment.sig>

More information about the Ach mailing list