[Ach] Successor project/paper of "Applied Crypto Hardening"?

Klaus Darilion klaus.darilion at nic.at
Tue Oct 16 15:46:30 CEST 2018

I think we have to differ between recommendations of technology (TLS 1.3, disable TLS ...) and HowTos for respective software.

Technology evolves fast, but if someone still has to use legacy software, or not the newest Linux distributions, then it is still useful to the get best security for these servers/devices.


PS: Every Secondary Counts

> -----Urspr√ľngliche Nachricht-----
> Von: Ach <ach-bounces at lists.cert.at> Im Auftrag von Frank Thommen
> Gesendet: Donnerstag, 11. Oktober 2018 19:14
> An: ach at lists.cert.at
> Betreff: [Ach] Successor project/paper of "Applied Crypto Hardening"?
> Hello,
> recently someone asked, if this (bettercrypto?) project is dead.  My
> impression is, that it is at least extremely passive.  Not being a
> security and network protocol expert I nevertheless think that the
> "Applied Crypto Hardening" paper of 2016
> (https://bettercrypto.org/static/applied-crypto-hardening.pdf) is
> probably very, very outdated and maybe even dangerous to rely on.
> Questions:
>    a) Is there some kind of successor project/paper with up to date
>       copy-paste recommendations for good security settings as they
>       were published in this paper (which was fantastic at the time)?
>    b) could/should the paper of 2016 not better be removed from the
>       website?
> Cheers
> frank
> _______________________________________________
> Ach mailing list
> Ach at lists.cert.at
> https://lists.cert.at/cgi-bin/mailman/listinfo/ach

More information about the Ach mailing list