--------- Original Message --------- Subject: Re: ApacheCon Austin, httpd track From: "Rich Bowen" <rbo...@rcbowen.com> Date: 12/2/14 8:29 am To: dev@httpd.apache.org
On 12/01/2014 08:15 PM, Daniel Ruggeri wrote: > A side note on SSL/security: I had the idea a few years back that there > is probably enough content to do a "here is 5 minutes about how to > configure SSL in httpd" and then 50 minutes of other important security > topics (What Ciphers should I enable? Should I use SSLv3 any more? How > to treat my keys and what the hell is an HSM anyway? Passphrase > encrypted keys or not? Should I trust my distro's build?). Thoughts are > welcome on that topic... not sure if I'm overly paranoid or if these are > things that people actually want to hear? Given the focus on SSL in the last year, I think that a talk exactly like that would be appreciated, and could even be a great talk to use to market the track as a whole. I think a lot of people are waking up to the fact that they have no idea what SSL/TLS actually is, and some in-depth teaching on it seems like it would be welcome. Rich raises a great point - you could probably even propose a full half day training, and spend a bit of time on configuring different ASF projects (e.g. httpd, Tomcat) while aiming squarely at the state of SSL cryptography itself. I'm certain that class would get some nice registration numbers.
