[Ach] work for the upcoming 1.0 release

Aaron Zauner azet at azet.org
Fri Mar 21 00:44:05 CET 2014


We should get to work again I guess and finish our first release.

I've given some thought to the most pressing point and still have a
couple of open questions that a consent of people working on the draft
might solve easily.

	* remove PKI part or shorten it significantly, two reasons:
		- it's too long, but does only cover very basic stuff
		- it does only mention openssl (and only basics) with no
		  further information on windows, OSX and UNIX PKI

	* remove the choosing your own cipher string section, I've
	  argued for that repeatedly since I first tried to finish
	  it. The main reasons:
		- It took us a long time to come up with sane defaults
		  this is not something anyone should 'just do'. we do
		  put out these recommendations for a reason, so people
		  do not have to go through that on their own and may
		  make fatal (security wise) mistakes
		- It would get far to extensive and speculative
		- Maintenance of that section will be a huge burden
		- We do not have anyone working on it. Adi has did not
		  finish it, and after some consideration I will not do
		  this eiter for the above mentioned points

	* remove any configuration section that still lacks most of the
	  information or is completely untested

	* unify all configurations to the same format, that means:
		- 'tested with version',
		  'notes/additional notes',
		  'how to test'.
		   every configuration we mention should have those subs

	* improve overall readability of the paper:
		- move the theory section to the front again (I've been
		  speaking with Ops and Academic people, most do find it
		  confusing that the theory section is at the end, and a
		  lot of people simply overlook it and email this very
		  mailing list with questions to references and
		  reasoning. put theory first, configurations in
		  appropriate appendices. this is also easier to extend
		  and maintain in the future.
		- reference authors and affiliation in a linked manner,
		  e.g. for friedrich alexander university there are now
		  two people contributing
		- reference e-mail addresses of the authors and put the
		  mailing list address first with a note

	* checksum
		- the final version of the paper should have a
		  cryptographic checksum in the PDF as well as in a
		  separate file (SHA-512 or Tiger will do just fine)

I'd like input on these issues (especially about unifying all
configurations, I cannot do that all by myself). We do need proof
reading as well. It's a 94 page document already so this will probably
not be done by a single person.

Thanks for your attention,

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <http://lists.cert.at/pipermail/ach/attachments/20140321/1897910b/attachment.sig>

More information about the Ach mailing list