[Ach] Successor project/paper of "Applied Crypto Hardening"?

Dominic Schallert ds at schallert.com
Fri Oct 12 18:38:06 CEST 2018

And (most of the time) they are also ahead of all nice BSI/NIST documents…
Like for example Google with it’s shift to Cacha20-Poly1305, DNS over TLS, QUIC, etc.  ;-)

> Am 12.10.2018 um 18:34 schrieb Dominic Schallert <ds at schallert.com>:
> Hi Rene,
>> I have noticed quite the contrary. TLS v1.0 and TLS v1.1 is still in use,
>> even TLS v1.2 - many years after the standards were being published.
>> Adoption is very slow. I am sure that TLS v1.3 implementation will take a
>> couple of years.
>> This being said, yes, the best practices and recommendations change, but
>> not as often as people buy new clients. The ACH guide is still valid for
>> most configurations.
> That’s the problem. There are some driving forces like Google[1],
> Github[2] or Cloudflare[3] which usually are light-years ahead of the
> majority of other companies. Generally it’s very safe to say that what
> these companies do, can be considered as current best practice.
> Just to give a few examples..
> [1] https://tools.ietf.org/html/rfc7905 <https://tools.ietf.org/html/rfc7905>
> [2] https://githubengineering.com/crypto-removal-notice/ <https://githubengineering.com/crypto-removal-notice/>
> [3] https://blog.cloudflare.com/introducing-tls-1-3/ <https://blog.cloudflare.com/introducing-tls-1-3/>
> Cheers
> Dominic

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cert.at/pipermail/ach/attachments/20181012/65391a56/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: Message signed with OpenPGP
URL: <http://lists.cert.at/pipermail/ach/attachments/20181012/65391a56/attachment.sig>

More information about the Ach mailing list