\footnote{\url{http://safecurves.cr.yp.to}}.
Most software configured to rely on ECC (be it client or server) is
not able to promote or black-list certain curves. It is the hope of
-the authors that such functionality will widely be deployed soon.
+the authors that such functionality will be deployed widely soon.
The authors of this paper include configurations and recommendations
with and without ECC - the reader may choose to adopt those settings
as he finds best suited to his environment. The authors will not make
\subsection{Known insecure and weak cipher suites}
-\todo{PG: please write this section. List all known broken, obsolete, weak and insecure cipher suites}
+\todo{PG: please write this section. List all known broken, obsolete, weak and insecure cipher suites . Or even better: find the best site which keeps track of outdated cipher suites and simply reference it. We do not want to maintain such a list ourselves!}
\subsection{Compatibility}
-\todo{write this section. The idea here is to document which server version (and openssl) we assumed, then list all clients which are supported for Variant A) and B)}
+\todo{write this section. The idea here is to first document which server (and openssl) version we assumed. Once these parameters are fixe, we then list all clients which are supported for Variant A) and B). Therefore we can document compatibilities to some extent. The sysadmin can then chose roughly what he looses or gains by omitting certain cipher suites.}
\subsection{Chosing your own cipher suites}
git.bettercrypto.org / ach-master.git / commitdiff