[Ach] work for the upcoming 1.0 release

Tobias Pape Das.Linux at gmx.de
Sat Mar 22 17:14:43 CET 2014


Hi

On 21.03.2014, at 00:44, Aaron Zauner <azet at azet.org> wrote:

> Hi,
> 
> We should get to work again I guess and finish our first release.
> 
> I've given some thought to the most pressing point and still have a
> couple of open questions that a consent of people working on the draft
> might solve easily.
> 
> 	* remove PKI part or shorten it significantly, two reasons:
> 		- it's too long, but does only cover very basic stuff
> 		- it does only mention openssl (and only basics) with no
> 		  further information on windows, OSX and UNIX PKI
> 
> 	* remove the choosing your own cipher string section, I've
> 	  argued for that repeatedly since I first tried to finish
> 	  it. The main reasons:
> 		- It took us a long time to come up with sane defaults;
> 		  this is not something anyone should 'just do'. We do
> 		  put out these recommendations for a reason, so people
> 		  do not have to go through that on their own and may
> 		  make fatal (security-wise) mistakes
> 		- It would get far too extensive and speculative
> 		- Maintenance of that section will be a huge burden
> 		- We do not have anyone working on it. Adi did not
> 		  finish it, and after some consideration I will not do
> 		  this either for the above-mentioned points
> 
> 	* remove any configuration section that still lacks most of the
> 	  information or is completely untested
> 
> 	* unify all configurations to the same format, that means:
> 		- 'tested with version',
> 		  'settings',
> 		  'notes/additional notes',
> 		  'references',
> 		  'how to test'.
> 		   every configuration we mention should have those subs
> 
> 	* improve overall readability of the paper:
> 		- move the theory section to the front again (I've been
> 		  speaking with Ops and Academic people, most do find it
> 		  confusing that the theory section is at the end, and a
> 		  lot of people simply overlook it and email this very
> 		  mailing list with questions to references and
> 		  reasoning. put theory first, configurations in
> 		  appropriate appendices. this is also easier to extend
> 		  and maintain in the future.
> 		- reference authors and affiliation in a linked manner,
> 		  e.g. for friedrich alexander university there are now
> 		  two people contributing
> 		- reference e-mail addresses of the authors and put the
> 		  mailing list address first with a note
> 
> 	* checksum
> 		- the final version of the paper should have a
> 		  cryptographic checksum in the PDF as well as in a
> 		  separate file (SHA-512 or Tiger will do just fine)
> 
> 
> I'd like input on these issues (especially about unifying all
> configurations, I cannot do that all by myself). We do need proof
> reading as well. It's a 94 page document already so this will probably
> not be done by a single person.

One question regarding the code snippets, again.
I would at some point invest some time to make the snippets actual config files
and just "inline" them in the doc, so that people can actually look at whole
config files, e.g. on GitHub. Opinions?

Best
	-Tobias
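The checksum item in Aaron's quoted list (a cryptographic checksum of the final paper, in the PDF and in a separate file) is the kind of release step that is easy to describe and easy to get subtly wrong. The script below is an added illustration written for this archive page; it is not code from the ACH project or from either author. It assumes only GNU/BusyBox `sha512sum` and `mktemp`, and the file name `ach-sample.pdf` is a constructed placeholder, not the real release artifact. It writes a detached `.sha512` file, verifies the artifact against it, then modifies the artifact and confirms that verification now fails, which is the property a reader actually relies on.

```shell
#!/bin/sh
# Added example (not from the ACH mailing list thread): produce a detached
# SHA-512 checksum file for a release artifact and verify it, including
# detection of a modified file. Tool: coreutils/BusyBox sha512sum.
# File names below are constructed placeholders.

# make_release_checksum FILE
#   Writes FILE.sha512 in the standard "hash  name" format that
#   `sha512sum -c` understands, so readers can verify with the same tool.
make_release_checksum() {
    sha512sum "$1" > "$1.sha512"
}

# verify_release_checksum FILE
#   Returns 0 when FILE matches the hash recorded in FILE.sha512,
#   non-zero otherwise. Output is suppressed; only the exit code matters.
verify_release_checksum() {
    sha512sum -c "$1.sha512" >/dev/null 2>&1
}

# demo_checksum_roundtrip
#   Builds a constructed sample "release", checksums and verifies it,
#   then appends one byte and confirms verification fails.
#   Prints "ok" and returns 0 only if both behaviours are observed.
demo_checksum_roundtrip() {
    dir=$(mktemp -d) || return 1
    rc=0
    (
        cd "$dir" || exit 1
        printf 'Applied Crypto Hardening, constructed sample release\n' > ach-sample.pdf
        make_release_checksum ach-sample.pdf
        verify_release_checksum ach-sample.pdf \
            || { echo "fresh file failed verification"; exit 1; }
        # Simulate a modified download: a single appended byte must be caught.
        printf 'x' >> ach-sample.pdf
        if verify_release_checksum ach-sample.pdf; then
            echo "modified file passed verification"
            exit 1
        fi
        echo ok
    ) || rc=$?
    rm -rf "$dir"
    return $rc
}
```

Two points the script makes that the list item leaves implicit: the checksum file must live next to, not inside, the artifact (a hash embedded in the PDF cannot cover the bytes of the PDF itself), and a checksum only detects accidental or opportunistic modification; anyone who can replace the PDF on the same server can replace the `.sha512` file too, so a detached signature (for example the OpenPGP signature the list software already attaches to messages) is what binds the hash to the authors.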




