[Ach] work for the upcoming 1.0 release

David Durvaux david.durvaux at gmail.com
Wed Mar 26 09:57:58 CET 2014

Hello Aaron,

You are right, we should finish.

What about making "issues" on GitHub? Just to keep track of the needed
tasks and who does what ;).

Regarding TODO, I would keep them for v 1.1 or v 2.0 :-D.

Best regards,


2014-03-21 0:44 GMT+01:00 Aaron Zauner <azet at azet.org>:

> Hi,
> We should get to work again I guess and finish our first release.
> I've given some thought to the most pressing point and still have a
> couple of open questions that a consent of people working on the draft
> might solve easily.
>         * remove PKI part or shorten it significantly, two reasons:
>                 - it's too long, but does only cover very basic stuff
>                 - it does only mention openssl (and only basics) with no
>                   further information on Windows, OSX and UNIX PKI
>         * remove the choosing your own cipher string section, I've
>           argued for that repeatedly since I first tried to finish
>           it. The main reasons:
>                 - It took us a long time to come up with sane defaults,
>                   this is not something anyone should 'just do'. We do
>                   put out these recommendations for a reason, so people
>                   do not have to go through that on their own and may
>                   make fatal (security-wise) mistakes
>                 - It would get far too extensive and speculative
>                 - Maintenance of that section will be a huge burden
>                 - We do not have anyone working on it. Adi did not
>                   finish it, and after some consideration I will not do
>                   this either for the above-mentioned points
>         * remove any configuration section that still lacks most of the
>           information or is completely untested
>         * unify all configurations to the same format, that means:
>                 - 'tested with version',
>                   'settings',
>                   'notes/additional notes',
>                   'references',
>                   'how to test'.
>                    every configuration we mention should have those subs
>         * improve overall readability of the paper:
>                 - move the theory section to the front again (I've been
>                   speaking with Ops and Academic people, most do find it
>                   confusing that the theory section is at the end, and a
>                   lot of people simply overlook it and email this very
>                   mailing list with questions to references and
>                   reasoning). Put theory first, configurations in
>                   appropriate appendices. This is also easier to extend
>                   and maintain in the future.
>                 - reference authors and affiliation in a linked manner,
>                   e.g. for Friedrich Alexander University there are now
>                   two people contributing
>                 - reference e-mail addresses of the authors and put the
>                   mailing list address first with a note
>         * checksum
>                 - the final version of the paper should have a
>                   cryptographic checksum in the PDF as well as in a
>                   separate file (SHA-512 or Tiger will do just fine)
> I'd like input on these issues (especially about unifying all
> configurations, I cannot do that all by myself). We do need proof
> reading as well. It's a 94 page document already so this will probably
> not be done by a single person.
> Thanks for your attention,
> Aaron