<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p>As with all open-source projects, most people would just silently
assume that there's someone "knowing better" working on the
document and will hesitate to engage. Including myself :) There's
nothing wrong with explicitly asking for help such as in this pull
request
<a class="moz-txt-link-freetext" href="https://github.com/BetterCrypto/Applied-Crypto-Hardening/pull/142">https://github.com/BetterCrypto/Applied-Crypto-Hardening/pull/142</a><br>
</p>
<br>
<div class="moz-cite-prefix">On 04/23/2017 06:08 AM, Aaron Zauner
wrote:<br>
</div>
<blockquote
cite="mid:CAN8NK9FzHUvP5G1s6_H90beA_jjJCWSQEjstaZFtF6fv61gA9w@mail.gmail.com"
type="cite">
<div dir="ltr">Related to the original post: there's been
discussion on the changes suggested by ilf.
<div><br>
</div>
<div>Please contribute over here: <a moz-do-not-send="true"
href="https://github.com/BetterCrypto/Applied-Crypto-Hardening/pull/133">https://github.com/BetterCrypto/Applied-Crypto-Hardening/pull/133</a></div>
<div><br>
</div>
<div>BTW: I also have my doubts about the state of this project
at the time. Very few people have been contributing and
reviewing suggested changes over the past two-or-more years.
Unfortunately this is not a one-off project - it needs
maintenance and to be checked regularly for errors, new
findings or possible corrections. Unfortunately I don't see
that happening at any point in the future. I've voiced similar
concern more than two years ago already as people lost
interest. I'm still going through GitHub PRs from time to
time, but am mostly relying on configuration settings shipped
by the upstream project or distribution, hand-picked settings
and have been using the Mozilla cipherstrings (<a
moz-do-not-send="true"
href="https://wiki.mozilla.org/Security/Server_Side_TLS">https://wiki.mozilla.org/Security/Server_Side_TLS</a>)
for TLS services for a long time, to be honest.</div>
<div><br>
</div>
<div>Aaron / azet</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Mon, Nov 28, 2016 at 12:21 PM, L.
Aaron Kaplan <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:kaplan@cert.at" target="_blank">kaplan@cert.at</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex"><span class="gmail-"><br>
> On 27 Nov 2016, at 21:10, ilf <<a
moz-do-not-send="true" href="mailto:ilf@zeromail.org">ilf@zeromail.org</a>>
wrote:<br>
><br>
> I think the interwebs really needs a project like
BetterCrypto.<br>
><br>
<br>
</span>Thanks :)<br>
<span class="gmail-"><br>
> Unfortunately, this project seems pretty dead to
me.<br>
><br>
> 1. The website <a moz-do-not-send="true"
href="https://bettercrypto.org/" rel="noreferrer"
target="_blank">https://bettercrypto.org/</a> has 8
posts: 1 in 2013, 5 in 2014, and 2 in 2015. There have
been no updates in over 2.5 years.<br>
><br>
<br>
</span>Well, it's not dead. I think there is simply a
pause with the authors .<br>
One main contributor was gone now for nearly half a year.<br>
<br>
But, we definitely do intend to continue and adapt the
guide the the lastest developments.<br>
This guide is also quite important for the authors for
their own work (it's easy to look up current best
practices).<br>
So, I would not worry about the future.<br>
A pause is a pause and not automatically death :)<br>
<span class="gmail-"><br>
> 2. There have been a few updates in the repository,
but only 4 in the last 6 months: <a
moz-do-not-send="true"
href="https://git.bettercrypto.org/ach-master.git/shortlog"
rel="noreferrer" target="_blank">https://git.bettercrypto.org/<wbr>ach-master.git/shortlog</a><br>
><br>
> 3. The XMPP GroupChat advertised on <a
moz-do-not-send="true"
href="https://bettercrypto.org/contribute/"
rel="noreferrer" target="_blank">https://bettercrypto.org/<wbr>contribute/</a>
is empty.<br>
><br>
> 4. This list has about 1 thread per month. In
August, one of those treads was a complaint about not
receiving feedback.<br>
><br>
> So: Is this thing still alive?<br>
<br>
</span>Yes.<br>
<span class="gmail-"><br>
><br>
> If yes: Let's show some enthusiasm, update the
website, submit a lightnening talk at 33C3, debate, and
work!<br>
><br>
</span>So, guess what - a lightning talk at CCC is
definitely in the making :)<br>
Me and Pepi will be there.<br>
<span class="gmail-"><br>
> If no: Maybe it's time to shut this down? We're
talking about crypto recommendations here, that stuff
gets old quickly (bitrot, technical debt).<br>
><br>
> What do you think?<br>
><br>
> My original question was: I have written a
recommendation for ssh_condig and sshd_config for
OpenSSH 7.3. Where do I submit this? GitHub? THis list?
<a moz-do-not-send="true"
href="https://git.bettercrypto.org/ach-master.git"
rel="noreferrer" target="_blank">https://git.bettercrypto.org/<wbr>ach-master.git</a>?<br>
><br>
</span>Github pull request.<br>
Discussions are on this list.<br>
<br>
Best,<br>
a.<br>
<br>
<br>
<br>
--<br>
// CERT Austria<br>
// L. Aaron Kaplan <<a moz-do-not-send="true"
href="mailto:kaplan@cert.at">kaplan@cert.at</a>><br>
// T: <a moz-do-not-send="true"
href="tel:%2B43%201%20505%2064%2016%2078"
value="+431505641678">+43 1 505 64 16 78</a><br>
// <a moz-do-not-send="true" href="http://www.cert.at"
rel="noreferrer" target="_blank">http://www.cert.at</a><br>
// Eine Initiative der NIC.at Internet Verwaltungs- und
Betriebs GmbH<br>
// <a moz-do-not-send="true" href="http://www.nic.at/"
rel="noreferrer" target="_blank">http://www.nic.at/</a>
- Firmenbuchnummer 172568b, LG Salzburg<br>
<br>
<br>
______________________________<wbr>_________________<br>
Ach mailing list<br>
<a moz-do-not-send="true" href="mailto:Ach@lists.cert.at">Ach@lists.cert.at</a><br>
<a moz-do-not-send="true"
href="http://lists.cert.at/cgi-bin/mailman/listinfo/ach"
rel="noreferrer" target="_blank">http://lists.cert.at/cgi-bin/<wbr>mailman/listinfo/ach</a><br>
<br>
</blockquote>
</div>
<br>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Ach mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Ach@lists.cert.at">Ach@lists.cert.at</a>
<a class="moz-txt-link-freetext" href="http://lists.cert.at/cgi-bin/mailman/listinfo/ach">http://lists.cert.at/cgi-bin/mailman/listinfo/ach</a>
</pre>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Paweł Krawczyk
+44 7879 180015</pre>
</body>
</html>