[Ach] Current OpenSSH settings (Was: "*poke* Is this alive, Jim?")
Paweł Krawczyk
pawel.krawczyk at hush.com
Sun Apr 23 12:58:13 CEST 2017
As with all open-source projects, most people would just silently assume
that there's someone "knowing better" working on the document and will
hesitate to engage. Including myself :) There's nothing wrong with
explicitly asking for help such as in this pull request
https://github.com/BetterCrypto/Applied-Crypto-Hardening/pull/142
On 04/23/2017 06:08 AM, Aaron Zauner wrote:
> Related to the original post: there's been discussion on the changes
> suggested by ilf.
>
> Please contribute over
> here: https://github.com/BetterCrypto/Applied-Crypto-Hardening/pull/133
>
> BTW: I also have my doubts about the state of this project at the
> time. Very few people have been contributing and reviewing suggested
> changes over the past two-or-more years. Unfortunately this is not a
> one-off project - it needs maintenance and to be checked regularly for
> errors, new findings or possible corrections. Unfortunately I don't
> see that happening at any point in the future. I've voiced similar
> concern more than two years ago already as people lost interest. I'm
> still going through GitHub PRs from time to time, but am mostly
> relying on configuration settings shipped by the upstream project or
> distribution, hand-picked settings and have been using the Mozilla
> cipherstrings (https://wiki.mozilla.org/Security/Server_Side_TLS) for
> TLS services for a long time, to be honest.
>
> Aaron / azet
>
> On Mon, Nov 28, 2016 at 12:21 PM, L. Aaron Kaplan <kaplan at cert.at
> <mailto:kaplan at cert.at>> wrote:
>
>
> > On 27 Nov 2016, at 21:10, ilf <ilf at zeromail.org
> <mailto:ilf at zeromail.org>> wrote:
> >
> > I think the interwebs really needs a project like BetterCrypto.
> >
>
> Thanks :)
>
> > Unfortunately, this project seems pretty dead to me.
> >
> > 1. The website https://bettercrypto.org/ has 8 posts: 1 in 2013,
> 5 in 2014, and 2 in 2015. There have been no updates in over 2.5
> years.
> >
>
> Well, it's not dead. I think there is simply a pause with the
> authors .
> One main contributor was gone now for nearly half a year.
>
> But, we definitely do intend to continue and adapt the guide the
> the lastest developments.
> This guide is also quite important for the authors for their own
> work (it's easy to look up current best practices).
> So, I would not worry about the future.
> A pause is a pause and not automatically death :)
>
> > 2. There have been a few updates in the repository, but only 4
> in the last 6 months:
> https://git.bettercrypto.org/ach-master.git/shortlog
> <https://git.bettercrypto.org/ach-master.git/shortlog>
> >
> > 3. The XMPP GroupChat advertised on
> https://bettercrypto.org/contribute/
> <https://bettercrypto.org/contribute/> is empty.
> >
> > 4. This list has about 1 thread per month. In August, one of
> those treads was a complaint about not receiving feedback.
> >
> > So: Is this thing still alive?
>
> Yes.
>
> >
> > If yes: Let's show some enthusiasm, update the website, submit a
> lightnening talk at 33C3, debate, and work!
> >
> So, guess what - a lightning talk at CCC is definitely in the
> making :)
> Me and Pepi will be there.
>
> > If no: Maybe it's time to shut this down? We're talking about
> crypto recommendations here, that stuff gets old quickly (bitrot,
> technical debt).
> >
> > What do you think?
> >
> > My original question was: I have written a recommendation for
> ssh_condig and sshd_config for OpenSSH 7.3. Where do I submit
> this? GitHub? THis list?
> https://git.bettercrypto.org/ach-master.git
> <https://git.bettercrypto.org/ach-master.git>?
> >
> Github pull request.
> Discussions are on this list.
>
> Best,
> a.
>
>
>
> --
> // CERT Austria
> // L. Aaron Kaplan <kaplan at cert.at <mailto:kaplan at cert.at>>
> // T: +43 1 505 64 16 78 <tel:%2B43%201%20505%2064%2016%2078>
> // http://www.cert.at
> // Eine Initiative der NIC.at Internet Verwaltungs- und Betriebs GmbH
> // http://www.nic.at/ - Firmenbuchnummer 172568b, LG Salzburg
>
>
> _______________________________________________
> Ach mailing list
> Ach at lists.cert.at <mailto:Ach at lists.cert.at>
> http://lists.cert.at/cgi-bin/mailman/listinfo/ach
> <http://lists.cert.at/cgi-bin/mailman/listinfo/ach>
>
>
>
>
> _______________________________________________
> Ach mailing list
> Ach at lists.cert.at
> http://lists.cert.at/cgi-bin/mailman/listinfo/ach
--
Paweł Krawczyk
+44 7879 180015
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cert.at/pipermail/ach/attachments/20170423/55459a54/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 862 bytes
Desc: OpenPGP digital signature
URL: <http://lists.cert.at/pipermail/ach/attachments/20170423/55459a54/attachment.sig>
More information about the Ach
mailing list