Website
========

BIG TOPICS
==========

* write a Justification section to every setting, maybe have that later in the document.
* move the explanations to a later part of the document. Code snippets go *first*.
  The target group is sysadmins, must be easily copy & paste-able.
  Or find a different way so that they can easily use/read the document
* Write section 7.3 (-> Adi. How to choose your own cipher string + screenshots)

Formatting
==========

DONE * one-column layout: make page margins smaller
DONE * add large "DRAFT" letters on top of every page.
* make the git version number part of the document
* Layout of sample code (lstlisting format): make it pretty!

Workflow
========

* how to keep things up to date?
* how to automatically test compatibility?
* how to make sure that this document has the latest information on cipher strengths?

Contents
========

1. document the abstract needs that we have for the cipher settings (HSTS etc)
   Then find the best cipher setting strings per se
   Only then put it to all servers and keep it rather uniformly (as much as possible)

2. Test all settings

* Test with more clients and other OSes than OSX / iPhone!!
* document (cite) EVERYTHING! Why we chose certain values. References, references, references. Otherwise it does not count! Srsly!!
* .bib file is completely wrong. Make good citations/references. Add books: Schneier, ...
* !! important: add the version string to everything that we tested!!
* two target groups:
  - security specialists / freaks who want the very best settings
  - should as many clients work with the settings as possible
* look at TLS1.2 specs and really check if we want all of these settings

Section 6
----------

Still missing subsubsections:

* Exchange Server
* SMTP, POP, IMAP
* Exim4 (-> Adi & Wolfgang Breya)
* Checkpoint (-> cm)
* Asa / Palo Alto (-> Azet)
* Terminal Server (VNC, TeamViewer),
* Squid
* Mobile devices:
  - Android
  - iPhone

RNDG section
------------

- add two, three sentences
- mention HaveGED
- embedded devices are a problem

Contacting / who?
=================

* Juniper
* Cisco
* Leithold

LATER / further
================

* OpenLDAP (-> Adi)
* Windows Active Directory