[Ach] Listing uncovered Software

Thu Feb 26 12:14:58 CET 2015

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hi,
> I'm not sure how we'd decide what gets listed in "these are hopeless" as
> opposed to just not listed at all, though.  Should we list the
> "hopeless" items by protocol or by implementation?  Should the threshold
> be some sort of userbase size?  there are surely thousands of
> network-facing applications out there that might legitimately be called
> "hopeless".  Is network-facing the right cutoff?  gpg is arguably not a
> network-facing application, for example.
To cite the scope in 1.4:

    In this guide, we restricted ourselves to:
    • Internet-facing services
    • Commonly used services
    • Devices which are used in business environments (this specifically
excludes XBoxes, Playsta-
    tions and similar consumer devices)

It's hard to draw a line on the user size or the environment.
Network-facing is a very good argument that's also unambigous,
nevertheless we have OTR and GPG in this guide. In my opinion these are
totally wrong there, we only create expectations that this guide will or
should include recommendations for users and critics can use this to
show the uselessness of the guide. Software that is clearly written for
end users, like GPG and OTR should get a place in a separate guide
'Applied Crypto Hardening for end users', but first let us finish this one.

I would focus on software that we would like to have included here. We
have Charybdis as only IRC-Server, are there any others?.
We have nothing on DNSSEC or DNSCurve (has been discussed here on the
list in 2014-02, one year ago [1]) and most agreed for including it.
What about DANE? It has also been mentioned in this thread, but with no
conclusion.

Sebastian

[1]: http://lists.cert.at/pipermail/ach/2014-February/001028.html

- -- 
python programming - mail server - photo - video - https://sebix.at
To verify my cryptographic signature or send me encrypted mails, get my
key at https://sebix.at/DC9B463B.asc or with gpg --keyserver
keys.gnupg.net --recv-key DC9B463B
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJU7wAxAAoJEBn0X+vcm0Y7vHoP/2F5+OTvHaTAMRvzeW0J94Ur
mItt196PwxdAgn2CjHKDqMphOzY/YPAwseG9dOfvEQ+a4F3Ioz7btyPtiJLyhxPm
Q1ojvfU611W6oaAGQ7KYakR0WL3gyprRH4v1J8fuPrXQdq3KwUWHk6AlpupgpRoz
A5FYv/JU7QwOo26K55l1kxzReKuaWlTQIBtjlHTEomnrktdNd1lSfundXqb25j5r
cpOvyc1MNvM87z1J5ZzmQC67jknPAOu4Xto/D7vYQXmpbFDIBW2Ycqugv/dEwnhG
XGqNXWh1udCZ8QCh+YwhVgLHsjJeQilxpUiSnxZFb3i7c3NNuFZ/P+csTniCOh5R
IZCT9YvCX/4fgGQYERKEa9Hfllj2BSRq676aPYUB/zejQHZ6dAVKpyjzIEdmqE9Q
AMsHR1b+vDDP+bZPaJrbApXjTMGeHCm7vx//c8Oq7scUrIPP1bSRWs4C3ktU2JYz
0G9F791smEUvVNVJHyXY0KL/AV3Yi37bJIR+abT7VTxT8obIhpX0zmg+wCF9myKV
mwhwJ4MlT4+NnPwitwdFz4TV/pOP5gsH4+AHJPdzCjOK0iLXSy71PZLNt84/KKAc
CDX9DpNVv5ZeiQKQOXGCXrD+xJpga1eF6pBsy4lMfG2tew9iNxJYMv9L2UV9NSPf
nQx4V8mt3OL6hqYaOY2l
=clXo
-----END PGP SIGNATURE-----