[Ach] work for the upcoming 1.0 release
David Durvaux
david.durvaux at gmail.com
Wed Mar 26 09:57:58 CET 2014
Hello Aaron,
You are right, we should finish.
What about making "issues" on GitHub? Just to keep trace of the needed
tasks and who does what ;).
Regarding TODO, I would keep them for v 1.1 or v 2.0 :-D.
Best regards,
David
2014-03-21 0:44 GMT+01:00 Aaron Zauner <azet at azet.org>:
> Hi,
>
> We should get to work again I guess and finish our first release.
>
> I've given some thought to the most pressing point and still have a
> couple of open questions that a consent of people working on the draft
> might solve easily.
>
> * remove PKI part or shorten it significantly, two reasons:
> - it's too long, but does only cover very basic stuff
> - it does only mention openssl (and only basics) with no
> further information on windows, OSX and UNIX PKI
>
> * remove the choosing your own cipher string section, I've
> argued for that repeatedly since I first tried to finish
> it. The main reasons:
> - It took us a long time to come up with sane defaults
> this is not something anyone should 'just do'. we do
> put out these recommendations for a reason, so people
> do not have to go through that on their own and may
> make fatal (security wise) mistakes
> - It would get far too extensive and speculative
> - Maintenance of that section will be a huge burden
> - We do not have anyone working on it. Adi did not
> finish it, and after some consideration I will not do
> this either for the above mentioned points
>
> * remove any configuration section that still lacks most of the
> information or is completely untested
>
> * unify all configurations to the same format, that means:
> - 'tested with version',
> 'settings',
> 'notes/additional notes',
> 'references',
> 'how to test'.
> every configuration we mention should have those subs
>
> * improve overall readability of the paper:
> - move the theory section to the front again (I've been
> speaking with Ops and Academic people, most do find it
> confusing that the theory section is at the end, and a
> lot of people simply overlook it and email this very
> mailing list with questions to references and
> reasoning). put theory first, configurations in
> appropriate appendices. this is also easier to extend
> and maintain in the future.
> - reference authors and affiliation in a linked manner,
> e.g. for friedrich alexander university there are now
> two people contributing
> - reference e-mail addresses of the authors and put the
> mailing list address first with a note
>
> * checksum
> - the final version of the paper should have a
> cryptographic checksum in the PDF as well as in a
> separate file (SHA-512 or Tiger will do just fine)
>
>
> I'd like input on these issues (especially about unifying all
> configurations, I cannot do that all by myself). We do need proof
> reading as well. It's a 94 page document already so this will probably
> not be done by a single person.
>
> Thanks for your attention,
> Aaron
--
David DURVAUX