I think we have to differ between recommendations of technology (TLS 1.3, disable TLS ...) and HowTos for respective software.
Technology evolves fast, but if someone still has to use legacy software, or not the newest Linux distributions, then it is still useful to the get best security for these servers/devices. regards Klaus -- PS: Every Secondary Counts https://www.youtube.com/watch?v=y0if6D6IC4o > -----Ursprüngliche Nachricht----- > Von: Ach <[email protected]> Im Auftrag von Frank Thommen > Gesendet: Donnerstag, 11. Oktober 2018 19:14 > An: [email protected] > Betreff: [Ach] Successor project/paper of "Applied Crypto Hardening"? > > Hello, > > recently someone asked, if this (bettercrypto?) project is dead. My > impression is, that it is at least extremely passive. Not being a > security and network protocol expert I nevertheless think that the > "Applied Crypto Hardening" paper of 2016 > (https://bettercrypto.org/static/applied-crypto-hardening.pdf) is > probably very, very outdated and maybe even dangerous to rely on. > > Questions: > > a) Is there some kind of successor project/paper with up to date > copy-paste recommendations for good security settings as they > were published in this paper (which was fantastic at the time)? > > b) could/should the paper of 2016 not better be removed from the > website? > > > Cheers > frank > _______________________________________________ > Ach mailing list > [email protected] > https://lists.cert.at/cgi-bin/mailman/listinfo/ach _______________________________________________ Ach mailing list [email protected] https://lists.cert.at/cgi-bin/mailman/listinfo/ach
