[Ach] Local meeting on Monday?

Aaron Zauner azet at azet.org
Wed Jan 29 22:12:19 CET 2014


Unfortunately I'll be in Brussels and Ghent for FOSDEM14 and cfgmgmtcamp
until mid next week. I too think that we should again meet up regularly
we've got some quite useful feedback from people out of academia and
industry I'd like to incorporate what's possible into our paper and get
a first version out as soon as possible. As we've seen this will be an
ongoing effort since protocols and implementations currently change a
lot (which is - of course - a good thing!). I've especially found
suggestions by the Mozilla team and Peter Gutmann to be very useful, we
should really talk about that. Another thing is the unfinished "Choosing
your own cipher suite section" - Which, in my opinion, we should drop
since we'd tend to repeat a lot of the theory section and still make it
difficult for users to adopt settings by themselves. It has taken us
nearly 6 months for the current state of the draft and a lot of
research, I'm not sure that we should recommend to people to design
their own cipher-suites as that might imply security risk if not done
right and with the appropriate feedback. I'd be nice to provide
something like that, but honestly, I would not dare to use those
recommendations by myself because of the problems I've pointed out above.
Let me know what your thoughts on this particular issue are.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <http://lists.cert.at/pipermail/ach/attachments/20140129/0a2a70c2/attachment.sig>

More information about the Ach mailing list