\section{Methods}
+\label{section:Methods}
-Since many years, NIST\footnote{\url{http://www.nist.gov/}} is the most
-prominent standardisation institute industry would consult for recommendations
-in the field of cryptography. However, the NSA leaks of 2013 showed that even
-certain NIST recommendations were
-subverted\footnote{\url{http://www.scientificamerican.com/article.cfm?id=nsa-nist-encryption-scandal}}
-by the NSA. As a consequence, NIST initiated a review process of their
-standardisation
-efforts\footnote{\url{http://csrc.nist.gov/groups/ST/crypto-review/index.html}}.
-However, for the purposes of this document and at the time of this writing, we
-can not blindly trust NIST's recommendations on cipher and cipher suite
-settings at this very moment.
-Instead, we chose to collect the most well known facts about crypto-settings
+For writing this guide, we chose to collect the most well known facts about crypto-settings
and let as many trusted specialists as possible review these settings. The
review process is completely open and done on a public mailing list. The
document is available (read-only) to the public Internet on a git server and
thus can be traced back to a specific author. We do not trust an unknown git
server.
-Public peer-review / ``multiple eyes'' checking our recommendation is the best
-strategy we can imagine at the moment.
+Public peer-review and ``multiple eyes'' checking our recommendation is the best
+strategy we can imagine at the moment\footnote{\url{http://www.wired.com/opinion/2013/10/how-to-design-and-defend-against-the-perfect-backdoor/}}.
-
-C.O.S.H.E.R. = completely open source, headers, engineering and research!
git.bettercrypto.org / ach-master.git / blobdiff