[Ach] rfc7525

[Maciej Soltysiak]

Well, I think Bettercrypto users should feel comfortable if the advice
given has also been vetted and recommended by IETF through a formal RFC
document.

I think the RFC is an additional pillar supporting bettercrypto - in no way
replacing the technical instructions provided.

RFC is general guidance.
Bettercrypto is instructions.

Best regards,
Maciej

On Sun, May 31, 2015 at 10:52 PM, Max Maass <max at velcommuta.de> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> I have not read the full RFC yet, but I just wanted to note that they
> are actually referencing ACH in that RFC:
> https://tools.ietf.org/html/rfc7525#ref-BETTERCRYPTO
>
> So, ACH has definitely not become obsolete because of this RFC - and I
> would not expect it to do so in the future, since the RFC is mostly
> concerned with the general concepts of TLS, while ACH is actually
> offering actionable advice on specific software and its configuration.
> So, the goals are different and, in my view, they will probably
> complement each other instead of conflicting.
>
> But, as I said, I haven't read it through yet, so I'd also be
> interested in "gossip" :).
>
> On 31.05.2015 15:03, ianG wrote:
> > On 31/05/2015 12:00 pm, Aaron Zauner wrote:
> >> Hi Ian,
> >>
> >> * Ian G <iang at iang.org> [30/05/2015 14:59:57] wrote:
> >>> Has anyone considered/used/reviewed the document known as
> >>> RFC7525?
> >>>
> >>> https://tools.ietf.org/html/rfc7525
> >>
> >> I have. What do you want to know? :)
> >
> >
> > Of course you have ;-)  What I wanted to know ... well, just gossip
> > really.
> >
> >
> >
> > How does their project compare to the BetterCrypto project?  Can we
> > shut up shop now that the IETF is in the game?  Is there a very
> > different purpose?  Or are they just faffing around in committee
> > again...
> >
> > Does the RFC format help?  I would have thought the notion of
> > publishing an RFC was strictly wrong because security is an arms
> > race and only a dynamic document process can help.
> >
> > How did their work compare to BetterCrypto's advice?  Was there
> > anything in there that we didn't know?  Is there anything they
> > didn't know?
> >
> > Is their advice useful to ... whom?  sysadms?  Implementors?
> > Designers? I gave it a quick skim and it seemed to be rather ...
> > useless to sysadms for example.
> >
> >
> >
> > Really, gossip!  As you might know there is this rolling foodfight
> > over protocol design going on over at IETF as people are pointing
> > out that the process they use might be part of the problem not the
> > solution.
> >
> >
> >
> > iang _______________________________________________ Ach mailing
> > list Ach at lists.cert.at
> > http://lists.cert.at/cgi-bin/mailman/listinfo/ach
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.22 (GNU/Linux)
>
> iQJ8BAEBCgBmBQJVa3SoXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
> ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ4NEM0ODA5N0EzQUY3RDU1MTg5QTc3QUMx
> NjlGOTYyNDM0MDg4MjVFAAoJEBafliQ0CIJe598P/10GWwWZfV8alnCsERSyndi7
> EMcxYtqRn7a3RHcTuzObWd3lZeOf/x019kt3lsvaPe/Bwbh9CHJnsSoWiiWiIpna
> m+TV+thZyUNf2DrPvc1cDid2a1vra52L839a9lG2X8YIHjx3jIbUPK9cFptRPBQH
> /j2hmUlgyVv6amuxeDpSmUwtkNVTcdDayMpuE371Ye6FEdpH6vZY0nFpgrHkPk0F
> DJYyDgxRUXCR3OGLzNaXd8KrqBwzNuynBEqw/apc1+241yypWpkVa8F5h77SCPxR
> KcCBZNFmFSl9BjXBciIKC0NyGXzT7j+83Wl4JP1xExlN7KSgkG3VyU4i57HCpK12
> wMoOz04VtdYOg46yk1dOQe4DQrwFk3Ji/nk/9pGSTCaMK+GHiNF06lKd/gUwcoIF
> YCwdtyNYb7kd+6IUERbCmasiTm2TDc0WE5R1LCiJvglrznh/LBtUJHZBjLbUdI7q
> 5MBnmnJelHxXmQHnSImO3X+BcYsVqlxqYKaZJFs9k/jWc0QBT8eSua6QbmhgHecb
> 0vnYGuv61OEnjCLF82vrU/mIP0u+5+1zLGOfNDHgyd7p2SkY/L8/a/mRuqNqFwyn
> 6oT0HLWdlZazuAoGgtOu2gi43lXpo5TOdndaULnOKxYlLI1+v9IQLCQkBT7Ecxio
> aUBbpsT+vC76PPQpkOrI
> =eUcr
> -----END PGP SIGNATURE-----
> _______________________________________________
> Ach mailing list
> Ach at lists.cert.at
> http://lists.cert.at/cgi-bin/mailman/listinfo/ach
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cert.at/pipermail/ach/attachments/20150601/2c99d84f/attachment.html>