<div dir="ltr">Hello Aaron,<div><br></div><div>You are right, we should finish.</div><div><br></div><div>What about making "issues" on GitHub? Just to keep trace of the needed tasks and who do what ;).</div><div>
<br></div><div>Regarding TODO, I would keep them for v 1.1 or v 2.0 :-D.</div><div><br></div><div>Best regards,</div><div><br></div><div>David</div><div class="gmail_extra"><br><br><div class="gmail_quote">2014-03-21 0:44 GMT+01:00 Aaron Zauner <span dir="ltr"><<a href="mailto:azet@azet.org" target="_blank">azet@azet.org</a>></span>:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi,<br>
<br>
We should get to work again I guess and finish our first release.<br>
<br>
I've given some thought to the most pressing point and still have a<br>
couple of open questions that a consent of people working on the draft<br>
might solve easily.<br>
<br>
* remove PKI part or shorten it significantly, two reasons:<br>
- it's too long, but does only cover very basic stuff<br>
- it does only mention openssl (and only basics) with no<br>
further information on windows, OSX and UNIX PKI<br>
<br>
* remove the choosing your own cipher string section, I've<br>
argued for that repeatedly since I first tried to finish<br>
it. The main reasons:<br>
- It took us a long time to come up with sane defaults<br>
this is not something anyone should 'just do'. we do<br>
put out these recommendations for a reason, so people<br>
do not have to go through that on their own and may<br>
make fatal (security wise) mistakes<br>
- It would get far to extensive and speculative<br>
- Maintenance of that section will be a huge burden<br>
- We do not have anyone working on it. Adi has did not<br>
finish it, and after some consideration I will not do<br>
this eiter for the above mentioned points<br>
<br>
* remove any configuration section that still lacks most of the<br>
information or is completely untested<br>
<br>
* unify all configurations to the same format, that means:<br>
- 'tested with version',<br>
'settings',<br>
'notes/additional notes',<br>
'references',<br>
'how to test'.<br>
every configuration we mention should have those subs<br>
<br>
* improve overall readability of the paper:<br>
- move the theory section to the front again (I've been<br>
speaking with Ops and Academic people, most do find it<br>
confusing that the theory section is at the end, and a<br>
lot of people simply overlook it and email this very<br>
mailing list with questions to references and<br>
reasoning. put theory first, configurations in<br>
appropriate appendices. this is also easier to extend<br>
and maintain in the future.<br>
- reference authors and affiliation in a linked manner,<br>
e.g. for friedrich alexander university there are now<br>
two people contributing<br>
- reference e-mail addresses of the authors and put the<br>
mailing list address first with a note<br>
<br>
* checksum<br>
- the final version of the paper should have a<br>
cryptographic checksum in the PDF as well as in a<br>
separate file (SHA-512 or Tiger will do just fine)<br>
<br>
<br>
I'd like input on these issues (especially about unifying all<br>
configurations, I cannot do that all by myself). We do need proof<br>
reading as well. It's a 94 page document already so this will probably<br>
not be done by a single person.<br>
<br>
Thanks for your attention,<br>
Aaron<br>
<br>
<br>_______________________________________________<br>
Ach mailing list<br>
<a href="mailto:Ach@lists.cert.at" target="_blank">Ach@lists.cert.at</a><br>
<a href="http://lists.cert.at/cgi-bin/mailman/listinfo/ach" target="_blank">http://lists.cert.at/cgi-bin/mailman/listinfo/ach</a><br>
<br></blockquote></div><br><br clear="all"><div><br></div>-- <br>David DURVAUX
</div></div>