Merge branch 'master' of https://git.bettercrypto.org/ach-master
author Aaron Kaplan <aaron@lo-res.org>
Mon, 20 Oct 2014 21:52:30 +0000 (23:52 +0200)
committer Aaron Kaplan <aaron@lo-res.org>
Mon, 20 Oct 2014 21:52:30 +0000 (23:52 +0200)
presentations/HACK.LU-2014/presentation/agenda.md
presentations/HACK.LU-2014/presentation/img/exampleApache-rewrite.png [new file with mode: 0644]
presentations/HACK.LU-2014/presentation/img/exampleApache.png [new file with mode: 0644]
presentations/HACK.LU-2014/presentation/img/medical-test.jpg [new file with mode: 0644]
presentations/HACK.LU-2014/presentation/img/openssl-s_client.png [new file with mode: 0644]
presentations/HACK.LU-2014/presentation/img/ssllabs.png [new file with mode: 0644]
presentations/HACK.LU-2014/presentation/img/ssllabs2.png [new file with mode: 0644]
presentations/HACK.LU-2014/presentation/img/ssllabs3.png [new file with mode: 0644]
presentations/HACK.LU-2014/presentation/img/sslscan.png [new file with mode: 0644]

index c180bf5..c543d3f 100644 (file)
@@ -14,6 +14,7 @@
 ---
 # Overview 
 
+Part 1:
   1. Intro & Motivation
   2. How we got started, how we work, what's there, what's missing, 
      how to use the guide
   4. Theory
   4. 10:10 __break__
   5. Theory (cont.)
+  5. Practical settings
+Part 2:
   6. Attacks
   7. Current trends (IETF, ...)
   7. wrap up
+  8. next steps
   9. 11:45 __lunch__
     
 
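Review bot: The new "Part 1:" and "Part 2:" labels in the Overview list are added at column 0 with no blank line around them, so "Part 2:" directly after "5. Practical settings" is likely to be rendered as a continuation of that list item rather than as a label. Put a blank line before and after each label, or turn them into sub-headings. The added "5. Practical settings" also reuses the number 5 already taken by "Theory (cont.)", alongside the existing duplicate 4s and 7s; renumbering the list while it is being touched would keep the agenda readable in the raw source.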
@@ -311,10 +315,6 @@ We still recommend perfect forward secrecy.
   * Re-generate keys from time to time
 
 
-# Attacks
-
-... next PDF... :)
-
 # Cipher suites
 
   * What is a SSLCipherSuite?
@@ -405,6 +405,7 @@ _WISHLIST_:
 
   * Everything as HTML (easier to copy & paste)
   * Config generator on the website
+  * Automatic testing suite
 
 
 
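Review bot: The added wishlist entry "Automatic testing suite" and the "_WISHLIST_: automatic compatibility testing" entry on the later "What's still needed?" slide appear to describe the same item in different words. Use one phrasing in both places so readers do not take them for two separate tasks.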
@@ -427,3 +428,115 @@ _WISHLIST_:
 
 # How to test - Tools
 
+  * openssl s_client  (or gnutls-cli)
+  * **ssllabs.com**: checks for servers as well as clients
+  * xmpp.net
+  * sslscan
+  * SSLyze
+
+
+# Tools: openssl s_client
+
+   openssl s_client -showcerts â€“connect git.bettercrypto.org:443
+
+![openssl s_client](img/openssl-s_client.png)
+
+# Tools: sslscan
+
+![sslscan](img/sslscan.png)
+
+
+# Tools: ssllabs.com
+
+![ssllabs.com](img/ssllabs.png)
+
+
+# Tools: sslllabs.com (2)
+
+![ssllabs.com](img/ssllabs2.png)
+
+
+# Tools: sslllabs.com (3)
+
+![ssllabs.com](img/ssllabs3.png)
+
+# /End of Part 1
+
+
+# Begin Part 2: Attacks, current topics, reactions from the Internet community
+
+-> azet
+
+
+
+
+# Wrap-up
+
+
+![Wrap-up](img/wrap-up.jpg)
+
+
+# Current state as of 2014/10/06
+
+  * OK: More or less solid basis with Variant (A) and (B)
+( Some minor modifications needed - maybe)
+  * Public draft was presented at the CCC Dec 2013. 
+Well received. Good feedback (Dan Bernstein, ...)
+
+# What's still needed?
+
+  * Need to convert to HTML and have the whole guide on the web
+  * fix the \texttt{@@@CIPHERSTRINGB@@@} macro in the configuration/ dir
+  * re-review  the configuration/\* files. Maybe crap slipped in 
+due to large commits :(
+  * _WISHLIST_: config generator
+  * _WISHLIST_: automatic compatibility testing
+  * long term maintenance / upkeep strategy
+
+
+# How to participate?
+
+1. We need: cryptologists, sysadmins, hackers
+1. Read the document, find bugs
+1. Master git repo (git.bettercrypto.org) is world-readable. 
+1. Subscribe to the mailing list
+1. look at the TODO.md file
+1. Understand the cipher strings Variant (A) and (B) before proposing some changes
+
+# How to participate? (2)
+1. If you add content to a subsection, make a sample config with variant (B)
+1. **use the \texttt{@@@CIPHERSTRINGB@@@} macro !** :
+  * edit config snippets in \texttt{configuration/\*}
+  * \texttt{make config} to copy over the template from \texttt{configuration/} to \texttt{stage/}
+  * \texttt{make config} basically does: \texttt{sed -i "s/@@@CIPHERSTRINGB@@@/\$cipherstringB/g"}
+1. Use the github.com repo for pull requests
+1. **important:** please do many smaller commits! It's easier to review and merge.
+
+# How to participate? (3)
+We need: 
+  * Add content to an subsection from the TODO list -> send us diffs
+  * Reviewers!
+
+Accept that  your commit might be under quite some scrutiny, that's the game.
+  * **C**ompletely
+  * **O**pen
+  * **S**ource
+  * **H**eaders
+  * **E**ngineering and
+  * **R**esearch
+
+# Links
+
+  * Website: www.bettercrypto.org
+  * Master (read-only) Git repo: https://git.bettercrypto.org
+  * Public github repo for PRs: https://github.com/BetterCrypto/Applied-Crypto-Hardening
+  * Mailing list: http://lists.cert.at/cgi-bin/mailman/listinfo/ach 
+  * IRC: #bettercrypto on freenode
+
+
+
+
+# Thanks
+
+\centerline{Thanks}
+
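Review bot: On the "Tools: openssl s_client" slide the connect option is written with a typographic dash instead of an ASCII hyphen (it shows up as "â€“connect" in this diff), so the command fails when copied from the slide; it should read `openssl s_client -showcerts -connect git.bettercrypto.org:443`. That line is also indented by three spaces, which Markdown does not treat as a code block; use four. Smaller points in the same hunk: the headings "Tools: sslllabs.com (2)" and "(3)" have one "l" too many; "an subsection" should be "a subsection"; `img/wrap-up.jpg` is referenced on the Wrap-up slide but is not among the image files this commit lists as new, so confirm it already exists in the tree; and the sed line shown for `make config` interpolates `$cipherstringB` into the replacement unescaped, so a cipher string containing "/" or "&" would break or silently alter the substitution, which deserves a comment or an escape step in the Makefile.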
diff --git a/presentations/HACK.LU-2014/presentation/img/exampleApache-rewrite.png b/presentations/HACK.LU-2014/presentation/img/exampleApache-rewrite.png
new file mode 100644 (file)
index 0000000..a143e9b
Binary files /dev/null and b/presentations/HACK.LU-2014/presentation/img/exampleApache-rewrite.png differ
diff --git a/presentations/HACK.LU-2014/presentation/img/exampleApache.png b/presentations/HACK.LU-2014/presentation/img/exampleApache.png
new file mode 100644 (file)
index 0000000..e6aa58c
Binary files /dev/null and b/presentations/HACK.LU-2014/presentation/img/exampleApache.png differ
diff --git a/presentations/HACK.LU-2014/presentation/img/medical-test.jpg b/presentations/HACK.LU-2014/presentation/img/medical-test.jpg
new file mode 100644 (file)
index 0000000..9ca7574
Binary files /dev/null and b/presentations/HACK.LU-2014/presentation/img/medical-test.jpg differ
diff --git a/presentations/HACK.LU-2014/presentation/img/openssl-s_client.png b/presentations/HACK.LU-2014/presentation/img/openssl-s_client.png
new file mode 100644 (file)
index 0000000..bbdb6db
Binary files /dev/null and b/presentations/HACK.LU-2014/presentation/img/openssl-s_client.png differ
diff --git a/presentations/HACK.LU-2014/presentation/img/ssllabs.png b/presentations/HACK.LU-2014/presentation/img/ssllabs.png
new file mode 100644 (file)
index 0000000..8167d98
Binary files /dev/null and b/presentations/HACK.LU-2014/presentation/img/ssllabs.png differ
diff --git a/presentations/HACK.LU-2014/presentation/img/ssllabs2.png b/presentations/HACK.LU-2014/presentation/img/ssllabs2.png
new file mode 100644 (file)
index 0000000..88efd82
Binary files /dev/null and b/presentations/HACK.LU-2014/presentation/img/ssllabs2.png differ
diff --git a/presentations/HACK.LU-2014/presentation/img/ssllabs3.png b/presentations/HACK.LU-2014/presentation/img/ssllabs3.png
new file mode 100644 (file)
index 0000000..4558a90
Binary files /dev/null and b/presentations/HACK.LU-2014/presentation/img/ssllabs3.png differ
diff --git a/presentations/HACK.LU-2014/presentation/img/sslscan.png b/presentations/HACK.LU-2014/presentation/img/sslscan.png
new file mode 100644 (file)
index 0000000..fe4f995
Binary files /dev/null and b/presentations/HACK.LU-2014/presentation/img/sslscan.png differ