Related to the original post: there's been discussion on the changes suggested by ilf.
Please contribute over here: https://github.com/BetterCrypto/Applied-Crypto-Hardening/pull/133 BTW: I also have my doubts about the state of this project at the time. Very few people have been contributing and reviewing suggested changes over the past two-or-more years. Unfortunately this is not a one-off project - it needs maintenance and to be checked regularly for errors, new findings or possible corrections. Unfortunately I don't see that happening at any point in the future. I've voiced similar concern more than two years ago already as people lost interest. I'm still going through GitHub PRs from time to time, but am mostly relying on configuration settings shipped by the upstream project or distribution, hand-picked settings and have been using the Mozilla cipherstrings ( https://wiki.mozilla.org/Security/Server_Side_TLS) for TLS services for a long time, to be honest. Aaron / azet On Mon, Nov 28, 2016 at 12:21 PM, L. Aaron Kaplan <[email protected]> wrote: > > > On 27 Nov 2016, at 21:10, ilf <[email protected]> wrote: > > > > I think the interwebs really needs a project like BetterCrypto. > > > > Thanks :) > > > Unfortunately, this project seems pretty dead to me. > > > > 1. The website https://bettercrypto.org/ has 8 posts: 1 in 2013, 5 in > 2014, and 2 in 2015. There have been no updates in over 2.5 years. > > > > Well, it's not dead. I think there is simply a pause with the authors . > One main contributor was gone now for nearly half a year. > > But, we definitely do intend to continue and adapt the guide the the > lastest developments. > This guide is also quite important for the authors for their own work > (it's easy to look up current best practices). > So, I would not worry about the future. > A pause is a pause and not automatically death :) > > > 2. There have been a few updates in the repository, but only 4 in the > last 6 months: https://git.bettercrypto.org/ach-master.git/shortlog > > > > 3. The XMPP GroupChat advertised on https://bettercrypto.org/contribute/ > is empty. > > > > 4. This list has about 1 thread per month. In August, one of those > treads was a complaint about not receiving feedback. > > > > So: Is this thing still alive? > > Yes. > > > > > If yes: Let's show some enthusiasm, update the website, submit a > lightnening talk at 33C3, debate, and work! > > > So, guess what - a lightning talk at CCC is definitely in the making :) > Me and Pepi will be there. > > > If no: Maybe it's time to shut this down? We're talking about crypto > recommendations here, that stuff gets old quickly (bitrot, technical debt). > > > > What do you think? > > > > My original question was: I have written a recommendation for ssh_condig > and sshd_config for OpenSSH 7.3. Where do I submit this? GitHub? THis list? > https://git.bettercrypto.org/ach-master.git? > > > Github pull request. > Discussions are on this list. > > Best, > a. > > > > -- > // CERT Austria > // L. Aaron Kaplan <[email protected]> > // T: +43 1 505 64 16 78 > // http://www.cert.at > // Eine Initiative der NIC.at Internet Verwaltungs- und Betriebs GmbH > // http://www.nic.at/ - Firmenbuchnummer 172568b, LG Salzburg > > > _______________________________________________ > Ach mailing list > [email protected] > http://lists.cert.at/cgi-bin/mailman/listinfo/ach > >
_______________________________________________ Ach mailing list [email protected] http://lists.cert.at/cgi-bin/mailman/listinfo/ach
