Minor changes
[ach-master.git] / TODO.md
diff --git a/TODO.md b/TODO.md
index be1755c..b1c290c 100644 (file)
--- a/TODO.md
+++ b/TODO.md
@@ -1,12 +1,14 @@
 Bug Fixes
 =========
-Reported by: @Wims80 http://twitter.com/wims80/status/425770704693239808
+DONE Reported by: @Wims80 http://twitter.com/wims80/status/425770704693239808
 Section Apache 2.1.1 recommends Rewrite instead of Redirect. Should be 301! (We correctly recommend 301 in the nginx section.)
 
 
 2014-02-11 19:41
 OpenVPN cipher string doesn't work with 2.3.2 according to: @bong0.
-tlc-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256:TLS-DHE-RSA-WITH-AES-128-GCM-SHA256:TLS-DHE-RSA-WITH-AES-128-CBC-SHA256:TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA:TLS-DHE-RSA-WITH-AES-256-CBC-SHA:TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA:TLS-DHE-RSA-WITH-AES-128-CBC-SHA:TLS-RSA-WITH-CAMELLIA-256-CBC-SHA:TLS-RSA-WITH-AES-256-CBC-SHA:TLS-RSA-WITH-CAMELLIA-128-CBC-SHA:TLS-RSA-WITH-AES-128-CBC-SHA
+Openvpn deprecated cipher string from the pdf. Therefore @bong0 hacked a script converting log messages to a sed expression https://gist.github.com/bong0/8941764 to run over an existing config file.
+output:
+tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256:TLS-DHE-RSA-WITH-AES-128-GCM-SHA256:TLS-DHE-RSA-WITH-AES-128-CBC-SHA256:TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA:TLS-DHE-RSA-WITH-AES-256-CBC-SHA:TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA:TLS-DHE-RSA-WITH-AES-128-CBC-SHA:TLS-RSA-WITH-CAMELLIA-256-CBC-SHA:TLS-RSA-WITH-AES-256-CBC-SHA:TLS-RSA-WITH-CAMELLIA-128-CBC-SHA:TLS-RSA-WITH-AES-128-CBC-SHA
 http://twitter.com/bong0/status/433306823001526272
 http://twitter.com/bong0/status/433307537375387648
 http://nopaste.info/d194fdaa78.html
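Review bot: The added `tls-cipher` line under "output:" lists exactly the same suite names as the removed `tlc-cipher` line, so apart from the directive typo fix it does not show what the conversion script changed or whether the string now works with 2.3.2. Say which naming was deprecated and whether the line shown is the input or the result of the sed run, and mark the entry DONE or still open the way the @Wims80 entry above it is marked. The new sentence would also read more clearly as "OpenVPN deprecated the cipher string from the PDF".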
@@ -15,13 +17,37 @@ user's OpenVPN linked against OpenSSL 1.0.0. on Wheezy backport.
 http://packages.debian.org/wheezy-backports/openvpn
 
 
+2014-02-27 22:59
+I think we should add the supported SSL / TLS versions from Microsoft IIS.
+http://twitter.com/gegch/status/439156512599322625
+
+2014-05-23 23:14
+@BetterCrypto @MacLemon speaking of feedback, generating CSRs, revocation certs, and managing them would be a welcome addition
+http://twitter.com/yawnbox/status/469948745589612544
+
+2014-06-20
+Some links go to the website instead of within the PDF.
+
+
+@mindfuckup: @BetterCrypto I noticed that the links in the BetterCrypto PDF are broken. (→ https://bettercrypto.org/static/configuration/Webservers/nginx/default) Is there no online version available?
+http://twitter.com/mindfuckup/status/480329385221054464
+
+@mindfuckup: @BetterCrypto @MacLemon I use Evince, the TOC works fine but the icon on the right are linking to the external site: https://github.com/BetterCrypto/Applied-Crypto-Hardening/blob/master/src/applied-crypto-hardening.tex#L20
+http://twitter.com/mindfuckup/status/480336371425767424
+
+https://github.com/BetterCrypto/Applied-Crypto-Hardening/blob/master/src/applied-crypto-hardening.tex#L20
+
+
+
+
+
 BIG TOPICS
 ==========
 
 
 * Blackhat presentation on RSA problems!! -> ECC + ECDSA instead (recommendation of P.Zimmermann @STRINT workshop 2014)
 
-* be consistent: 2048 RSA < 128 bit symmetric cipher strength. We should aim at 128+ bits symmetric strength. --> fix RSA 2048 in the document. Upgrade to 3072
+* be consistent: 2048 RSA < 128 bit symmetric cipher strength. We should aim at 128+ bits symmetric strength. --> fix RSA 2048 in the document. Upgrade to 3248 (ECRYPT II) -> 4096bit (+group16)
 
 * clean up 9.5 "chossing your own cipher"
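Review bot: The changed RSA bullet under BIG TOPICS now names two targets, "3248 (ECRYPT II) -> 4096bit (+group16)", without saying which size the document should recommend or what the arrow means; state which is the minimum and which is preferred, and spell out what "group16" refers to. In the 2014-06-20 entry the applied-crypto-hardening.tex#L20 URL appears twice (inside the second @mindfuckup quote and again on its own line), and the entry is followed by five added blank lines where the other entries are separated by one or two; drop the duplicate URL and the extra blank lines.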