[Ach] Current OpenSSH settings (Was: "*poke* Is this alive, Jim?")

Paweł Krawczyk pawel.krawczyk at hush.com
Sun Apr 23 12:58:13 CEST 2017


As with all open-source projects, most people would just silently assume
that there's someone "knowing better" working on the document and will
hesitate to engage. Including myself :) There's nothing wrong with
explicitly asking for help such as in this pull request
https://github.com/BetterCrypto/Applied-Crypto-Hardening/pull/142


On 04/23/2017 06:08 AM, Aaron Zauner wrote:
> Related to the original post: there's been discussion on the changes
> suggested by ilf.
>
> Please contribute over
> here: https://github.com/BetterCrypto/Applied-Crypto-Hardening/pull/133
>
> BTW: I also have my doubts about the state of this project at the
> time. Very few people have been contributing and reviewing suggested
> changes over the past two-or-more years. Unfortunately this is not a
> one-off project - it needs maintenance and to be checked regularly for
> errors, new findings or possible corrections. Unfortunately I don't
> see that happening at any point in the future. I've voiced similar
> concern more than two years ago already as people lost interest. I'm
> still going through GitHub PRs from time to time, but am mostly
> relying on configuration settings shipped by the upstream project or
> distribution, hand-picked settings and have been using the Mozilla
> cipherstrings (https://wiki.mozilla.org/Security/Server_Side_TLS) for
> TLS services for a long time, to be honest.
>
> Aaron / azet
>
> On Mon, Nov 28, 2016 at 12:21 PM, L. Aaron Kaplan <kaplan at cert.at> wrote:
>
>
>     > On 27 Nov 2016, at 21:10, ilf <ilf at zeromail.org> wrote:
>     >
>     > I think the interwebs really needs a project like BetterCrypto.
>     >
>
>     Thanks :)
>
>     > Unfortunately, this project seems pretty dead to me.
>     >
>     > 1. The website https://bettercrypto.org/ has 8 posts: 1 in 2013,
>     5 in 2014, and 2 in 2015. There have been no updates in over 2.5
>     years.
>     >
>
>     Well, it's not dead. I think there is simply a pause with the
>     authors.
>     One main contributor was gone now for nearly half a year.
>
>     But, we definitely do intend to continue and adapt the guide to
>     the latest developments.
>     This guide is also quite important for the authors for their own
>     work (it's easy to look up current best practices).
>     So, I would not worry about the future.
>     A pause is a pause and not automatically death :)
>
>     > 2. There have been a few updates in the repository, but only 4
>     in the last 6 months:
>     https://git.bettercrypto.org/ach-master.git/shortlog
>     >
>     > 3. The XMPP GroupChat advertised on
>     https://bettercrypto.org/contribute/ is empty.
>     >
>     > 4. This list has about 1 thread per month. In August, one of
>     those threads was a complaint about not receiving feedback.
>     >
>     > So: Is this thing still alive?
>
>     Yes.
>
>     >
>     > If yes: Let's show some enthusiasm, update the website, submit a
>     lightning talk at 33C3, debate, and work!
>     >
>     So, guess what - a lightning talk at CCC is definitely in the
>     making :)
>     Me and Pepi will be there.
>
>     > If no: Maybe it's time to shut this down? We're talking about
>     crypto recommendations here, that stuff gets old quickly (bitrot,
>     technical debt).
>     >
>     > What do you think?
>     >
>     > My original question was: I have written a recommendation for
>     ssh_config and sshd_config for OpenSSH 7.3. Where do I submit
>     this? GitHub? This list?
>     https://git.bettercrypto.org/ach-master.git?
>     >
>     GitHub pull request.
>     Discussions are on this list.
>
>     Best,
>     a.
>
>
>
>     --
>     //  CERT Austria
>     //  L. Aaron Kaplan <kaplan at cert.at>
>     //  T: +43 1 505 64 16 78
>     //  http://www.cert.at
>     //  Eine Initiative der NIC.at Internet Verwaltungs- und Betriebs GmbH
>     //  http://www.nic.at/ - Firmenbuchnummer 172568b, LG Salzburg
>
>
>     _______________________________________________
>     Ach mailing list
>     Ach at lists.cert.at
>     http://lists.cert.at/cgi-bin/mailman/listinfo/ach
>

-- 
Paweł Krawczyk
+44 7879 180015
