This whitepaper arose out of the need for system administrators to have an
updated, solid, well researched and thought-through guide for configuring SSL,
-PGP, SSH and other cryptographic tools in the post-PRISM age. Triggered by the NSA
+PGP, SSH and other cryptographic tools in the post-Snowden age. Triggered by the NSA
leaks in the summer of 2013, many system administrators and IT security
officers saw the need to strengthen their encryption settings.
This guide is specifically written for these system administrators.
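Review bot: Since this change is a wording cleanup of the opening paragraph, the compound adjective "well researched" on the line above the changed one should be hyphenated as "well-researched" to match "thought-through" beside it. The same sentence lists SSL, PGP and SSH with no serial comma before "and other cryptographic tools", which is fine but worth making consistent with the rest of the paper.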
\textbf{Explanation}
For a detailed explanation of the cipher suites chosen, please see
-\ref{section:ChosingYourOwnCipherSuites}. In short, finding the perfect cipher
+\ref{section:ChoosingYourOwnCipherSuites}. In short, finding the perfect cipher
string is impossible and must be a tradeoff. On the one hand
there are mandatory and optional ciphers defined in a few RFCs, on the other hand
there are clients and servers only implementing subsets of the specification.
\todo{write this section. The idea here is to first document which server (and openssl) version we assumed. Once these parameters are fixe, we then list all clients which are supported for Variant A) and B). Therefore we can document compatibilities to some extent. The sysadmin can then chose roughly what he looses or gains by omitting certain cipher suites.}
-\subsection{Chosing your own cipher suites}
-\label{section:ChosingYourOwnCipherSuites}
+\subsection{Choosing your own cipher suites}
+\label{section:ChoosingYourOwnCipherSuites}
\todo{ Adi... you want to describe how to make your own selection of cipher suites here. The text below was simply the old text, still left here for reference.}
%%% NOTE: we do not need to list this all here, can move to an appendix
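Review bot: The rename of \label{section:ChosingYourOwnCipherSuites} to \label{section:ChoosingYourOwnCipherSuites} is only safe if every reference to the old key is updated, and only the one \ref in the Explanation paragraph is visible here. Search the other .tex files for section:ChosingYourOwnCipherSuites before merging, because a stale \ref still compiles with just a warning and renders as "??" in the PDF. While the spelling is being fixed, the \todo directly above the subsection still contains "fixe", "chose" and "looses", which could be corrected in the same commit.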