[Ach] [cryptography] Better Crypto
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Thu Jan 16 13:13:52 CET 2014
"L. Aaron Kaplan" <kaplan at cert.at> writes:
>So, Peter, how about this approach?
Sorry about the delayed reply, too much other stuff on my plate at the
moment...
>1. We will have three config options: cipher String A,B,C ( generic safe
>config, maximum interoperability (== this also makes the mozilla people happy
>then) and finally a super-hardened setting (with reduced compatibility)).
>Admins will get a choice and explanations on when to use which option.
That sounds good.
>3. we give people a config generator tool on the webpage which gives them
>snippets which they can include into their webservers, mailservers etc. The
>tool also shows admins (color codes?) which settings are compatible, unsafe
>etc.
Now that would be very useful.
>4. In addition to having the config generator on the web page, the config
>snippets are moved to the appendix (as you suggested). The theory section
>moves up.
Yup, good idea. The single-location-for-config solves the problem of having a
cut&paste of the same (or possibly somewhat out-of-sync when the doc is
updated) text in a dozen or more locations.
Peter.
More information about the Ach
mailing list