On 7/01/14 13:18 PM, L. Aaron Kaplan wrote:
None if this is perfect yet of course. One of the very productive feedback
results was that we should make a HTML version.
A wiki... I would say.
1. We will have three config options: cipher String A,B,C ( generic safe
config, maximum interoperability (== this also makes the mozilla people happy
then) and finally a super-hardened setting (with reduced compatibility)).
Admins will get a choice and explanations on when to use which option.
You could call them:
Suite A: maximum security, super hard
Suite B: general safe
Suite C: maximum compatibility
;) or if you're worried about being sued for trademark violation, how
abouts:
Sweet A,
Bravo B,
Crazy C!
It would be nice if, typographically, we could see them on the page in
some easy fashion. Like, A at left, B in middle, C at right, in
consistent columns. Or in colours.
That way, a sysadm could implement things in C easily, then move from
right to left and try things out.
Of course, this is only icing on the cake. If it can do B above,
general safe, then that is really a step forward for the world.
2. (time-wise) first we focus on some of the weak spots in the guide like
the ssh config (client config is missing...), the theory section etc.
3. we give people a config generator tool on the webpage which gives them
snippets which they can include into their webservers, mailservers etc. The
tool also shows admins (color codes?) which settings are compatible, unsafe etc.
4. In addition to having the config generator on the web page, the config
snippets are moved to the appendix (as you suggested). The theory section moves
up.
I think the config cut&paste sections are what is important. As Peter
mentioned. I'd flip that around:
Config sections are the bulk. References to theory found in the
Appendix, frequent tips that you'll enjoy some theory too.
It's an advice guide, not a schoolbook.
Would that be more in your line of thinking?
Anyway, we will have a authors' meeting today at ~ 19:00 CET and can discuss
this.
Anyone who wants to join via teleconference: please get in contact with me. We
will arrange for remote participation.
good luck. I'm missing out on all the fun. Again!
iang
_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography