ach-master.git
5 years agoMerge branch 'master' of https://git.bettercrypto.org/ach-master
Aaron Kaplan [Mon, 3 Mar 2014 19:20:21 +0000 (19:20 +0000)]
Merge branch 'master' of https://git.bettercrypto.org/ach-master

5 years agomake a note on RSA
Aaron Kaplan [Mon, 3 Mar 2014 19:20:04 +0000 (19:20 +0000)]
make a note on RSA

5 years agoSuggestion: Add SSL/TLS versions supported by MS IIS
Pepi Zawodsky [Thu, 27 Feb 2014 21:59:44 +0000 (22:59 +0100)]
Suggestion: Add SSL/TLS versions supported by MS IIS

5 years agoremoved Opera 17 from the list of supported browsers for Cipher A (thanks interfaSys...
Adi Kriegisch [Tue, 25 Feb 2014 08:49:49 +0000 (09:49 +0100)]
removed Opera 17 from the list of supported browsers for Cipher A (thanks interfaSys Sàrl for testing)

5 years agofixed CipherA compatibility (thanks interfaSys Sàrl) and added a reference to choosin...
Adi Kriegisch [Mon, 24 Feb 2014 17:28:44 +0000 (18:28 +0100)]
fixed CipherA compatibility (thanks interfaSys Sàrl) and added a reference to choosing ones own cipher suite

5 years agoadd Alexander Würstlein to authors, we'll need references to affiliation with supersc...
Aaron Zauner [Sun, 23 Feb 2014 19:44:31 +0000 (20:44 +0100)]
add Alexander Würstlein to authors, we'll need references to affiliation with superscript or similar soon

5 years agocreated a new old clients subsection for web servers and moved config hints in there
Adi Kriegisch [Mon, 17 Feb 2014 23:08:17 +0000 (00:08 +0100)]
created a new old clients subsection for web servers and moved config hints in there

5 years agomerging kerberos pull req. by @arwarw via github
Aaron Zauner [Fri, 14 Feb 2014 17:19:38 +0000 (18:19 +0100)]
merging kerberos pull req. by @arwarw via github

5 years agolistlisting is wrong
Alexander Wuerstlein [Fri, 14 Feb 2014 16:33:54 +0000 (17:33 +0100)]
listlisting is wrong

5 years agotypo: one more comma and an unescaped #
Alexander Wuerstlein [Fri, 14 Feb 2014 16:18:49 +0000 (17:18 +0100)]
typo: one more comma and an unescaped #

5 years agotypo: missing commata
Alexander Wuerstlein [Fri, 14 Feb 2014 15:44:01 +0000 (16:44 +0100)]
typo: missing commata

5 years agotypo: missing string name in security.bib
Alexander Wuerstlein [Fri, 14 Feb 2014 15:42:04 +0000 (16:42 +0100)]
typo: missing string name in security.bib

5 years agoMerge branch 'master' of https://git.bettercrypto.org/ach-master
Aaron Kaplan [Fri, 14 Feb 2014 13:45:59 +0000 (14:45 +0100)]
Merge branch 'master' of https://git.bettercrypto.org/ach-master

5 years agoadd presentations from the TF-CSIRT TERENA meeting
Aaron Kaplan [Fri, 14 Feb 2014 13:45:05 +0000 (14:45 +0100)]
add presentations from the TF-CSIRT TERENA meeting

5 years agoBibtex all urls included in comments
Alexander Wuerstlein [Thu, 13 Feb 2014 23:46:26 +0000 (00:46 +0100)]
Bibtex all urls included in comments

5 years agopostfix master.cf: remove spaces
cm [Wed, 12 Feb 2014 19:31:57 +0000 (20:31 +0100)]
postfix master.cf: remove spaces

5 years agoAdded StartTLS.info website for mail servers.
Pepi Zawodsky [Wed, 12 Feb 2014 18:25:17 +0000 (19:25 +0100)]
Added StartTLS.info website for mail servers.

5 years agoMerge branch 'master' of https://git.bettercrypto.org/ach-master
Aaron Kaplan [Wed, 12 Feb 2014 10:49:55 +0000 (11:49 +0100)]
Merge branch 'master' of https://git.bettercrypto.org/ach-master

5 years agoadd some notes
Aaron Kaplan [Wed, 12 Feb 2014 10:49:45 +0000 (11:49 +0100)]
add some notes

5 years agoMerge pull request #53 from hansenerd/master
Aaron Zauner [Wed, 12 Feb 2014 08:26:03 +0000 (09:26 +0100)]
Merge pull request #53 from hansenerd/master

fix nginx Strict-Transport-Security example directive.

5 years agofix nginx Strict-Transport-Security example directive.
Christoph Gebhardt [Tue, 11 Feb 2014 23:02:28 +0000 (00:02 +0100)]
fix nginx Strict-Transport-Security example directive.

5 years agoAdded more details to the OpenVPN warnings.
Pepi Zawodsky [Tue, 11 Feb 2014 19:26:56 +0000 (20:26 +0100)]
Added more details to the OpenVPN warnings.

5 years agoAdded bug report by @bong0 for OpenVPN 2.3.2
Pepi Zawodsky [Tue, 11 Feb 2014 18:41:42 +0000 (19:41 +0100)]
Added bug report by @bong0 for OpenVPN 2.3.2

5 years agomore URLs converted to https
Viktor Szakats [Wed, 5 Feb 2014 20:04:30 +0000 (21:04 +0100)]
more URLs converted to https
removed duplicate link to http://checktls.com in command-line tool section
openssl.net -> openssl.org + https

5 years agoadded 'SSLStrictSNIVHostCheck off' to Apache SNI trick section
Adi Kriegisch [Mon, 3 Feb 2014 22:59:35 +0000 (23:59 +0100)]
added 'SSLStrictSNIVHostCheck off' to Apache SNI trick section

5 years agofix 'typo'
Adi Kriegisch [Mon, 3 Feb 2014 22:45:08 +0000 (23:45 +0100)]
fix 'typo'

5 years agoadded SNI trick to catch old browsers (apache)
Adi Kriegisch [Mon, 3 Feb 2014 22:36:48 +0000 (23:36 +0100)]
added SNI trick to catch old browsers (apache)

5 years agoadded SNI trick to catch old browsers (nginx)
Adi Kriegisch [Mon, 3 Feb 2014 21:30:20 +0000 (22:30 +0100)]
added SNI trick to catch old browsers (nginx)

5 years agoadded tinc as per push request on GitHub by VanNostrand - reformatted to our TeX...
Aaron Zauner [Mon, 3 Feb 2014 11:06:03 +0000 (12:06 +0100)]
added tinc as per push request on GitHub by VanNostrand - reformatted to our TeX layout, got rid of text that won\'t make sense in the paper (openssl stuff, already mentioned a lot in the paper)

5 years agoMerge pull request #48 from vszakats/use-more-https-urls
Aaron Zauner [Mon, 3 Feb 2014 10:36:27 +0000 (02:36 -0800)]
Merge pull request #48 from vszakats/use-more-https-urls

use https for all IETF URLs

5 years agoMerge pull request #49 from berq/master
Aaron Zauner [Mon, 3 Feb 2014 10:33:41 +0000 (02:33 -0800)]
Merge pull request #49 from berq/master

DBs.tex TODO

5 years agoFix copy&paste error
Alexander Wuerstlein [Sun, 2 Feb 2014 19:49:19 +0000 (20:49 +0100)]
Fix copy&paste error

5 years agoFix copy&paste error
Alexander Wuerstlein [Sun, 2 Feb 2014 19:47:38 +0000 (20:47 +0100)]
Fix copy&paste error

5 years agoChange "other protocols" to infrastructure recomm.
Alexander Wuerstlein [Sun, 2 Feb 2014 19:38:27 +0000 (20:38 +0100)]
Change "other protocols" to infrastructure recomm.

Give more general advice on a wider range of problems.
Changes suggested by pforai and azet.

5 years agoremark on passwords
Alexander Wuerstlein [Sun, 2 Feb 2014 19:37:45 +0000 (20:37 +0100)]
remark on passwords

5 years agoChange "other protocols" section to more general infrastructure recommendations
Alexander Wuerstlein [Sun, 2 Feb 2014 19:27:57 +0000 (20:27 +0100)]
Change "other protocols" section to more general infrastructure recommendations

5 years agoChange "other protocols" section to more general infrastructure recommendations
Alexander Wuerstlein [Sun, 2 Feb 2014 19:26:15 +0000 (20:26 +0100)]
Change "other protocols" section to more general infrastructure recommendations

5 years agos/IMB/IBM/
berq [Thu, 30 Jan 2014 19:02:39 +0000 (20:02 +0100)]
s/IMB/IBM/

5 years agoDone the things in the todo.md
berq [Thu, 30 Jan 2014 18:58:37 +0000 (19:58 +0100)]
Done the things in the todo.md

5 years agouse https for all IETF URLs
Viktor Szakats [Thu, 30 Jan 2014 13:19:29 +0000 (14:19 +0100)]
use https for all IETF URLs

5 years agoAdded task for improving the wording of the mailing list site
Pepi Zawodsky [Wed, 29 Jan 2014 20:09:52 +0000 (21:09 +0100)]
Added task for improving the wording of the mailing list site

5 years agoexclude ICS systems
Aaron Kaplan [Mon, 27 Jan 2014 09:09:15 +0000 (10:09 +0100)]
exclude ICS systems

6 years agoTODO Bugfix: Apache should recommend redirect instead of rewrite.
Pepi Zawodsky [Tue, 21 Jan 2014 23:58:04 +0000 (00:58 +0100)]
TODO Bugfix: Apache should recommend redirect instead of rewrite.

6 years agorm -f is as good as if [ -f ... ] ; then rm ...
Aaron Kaplan [Tue, 21 Jan 2014 00:29:26 +0000 (01:29 +0100)]
rm -f is as good as if [ -f ... ] ; then rm ...

6 years agoMerge branch 'master' of github.com:sebix/Applied-Crypto-Hardening into sebix-master
Aaron Kaplan [Mon, 20 Jan 2014 23:26:54 +0000 (00:26 +0100)]
Merge branch 'master' of github.com:sebix/Applied-Crypto-Hardening into sebix-master

6 years agoRevert "Updated make clean to prevent incorrect failures"
Aaron Kaplan [Mon, 20 Jan 2014 23:23:52 +0000 (00:23 +0100)]
Revert "Updated make clean to prevent incorrect failures"

This reverts commit 4a5f09431ac311fd13a553e03cf534903467daee.

6 years agonotes
Aaron Kaplan [Mon, 20 Jan 2014 23:21:10 +0000 (00:21 +0100)]
notes

6 years agoMerge branch 'master' of https://git.bettercrypto.org/ach-master
Aaron Kaplan [Mon, 20 Jan 2014 22:21:23 +0000 (23:21 +0100)]
Merge branch 'master' of https://git.bettercrypto.org/ach-master

6 years agonotes
Aaron Kaplan [Mon, 20 Jan 2014 22:21:11 +0000 (23:21 +0100)]
notes

6 years agoUpdated make clean to prevent incorrect failures
Pepi Zawodsky [Mon, 20 Jan 2014 21:03:16 +0000 (22:03 +0100)]
Updated make clean to prevent incorrect failures

6 years agonotes
Aaron Kaplan [Mon, 20 Jan 2014 20:38:05 +0000 (21:38 +0100)]
notes

6 years agokeep notes
Aaron Kaplan [Mon, 20 Jan 2014 20:21:33 +0000 (21:21 +0100)]
keep notes

6 years agodon't forget things we said during the meeting. put it into TODO.md
Aaron Kaplan [Mon, 20 Jan 2014 19:25:29 +0000 (20:25 +0100)]
don't forget things we said during the meeting. put it into TODO.md

6 years agoadd feedback by Tobias pape
Aaron Kaplan [Mon, 20 Jan 2014 18:53:16 +0000 (19:53 +0100)]
add feedback by Tobias pape

6 years agoSpell checking (used aspell, and dict.cc and wikipedia for reference)
sebix [Mon, 20 Jan 2014 17:44:08 +0000 (18:44 +0100)]
Spell checking (used aspell, and dict.cc and wikipedia for reference)

6 years agowarning in SSH-section about connection problems (has also been requested on mailinglist)
sebix [Mon, 20 Jan 2014 17:41:57 +0000 (18:41 +0100)]
warning in SSH-section about connection problems (has also been requested on mailinglist)

6 years agoMerge branch 'master' into kerberos
Alexander Wuerstlein [Sun, 19 Jan 2014 13:36:22 +0000 (14:36 +0100)]
Merge branch 'master' into kerberos

Conflicts:
src/practical_settings/kerberos.tex

6 years agoAdjusting listing box margin, was too for using texlive 2013, I had 2012
sebix [Sat, 18 Jan 2014 21:22:06 +0000 (22:22 +0100)]
Adjusting listing box margin, was too for using texlive 2013, I had 2012

6 years agoRevert paragraphDiamond
sebix [Fri, 17 Jan 2014 21:53:37 +0000 (22:53 +0100)]
Revert paragraphDiamond

6 years agoMerge branch 'master' of github.com:BetterCrypto/Applied-Crypto-Hardening
sebix [Fri, 17 Jan 2014 11:02:48 +0000 (12:02 +0100)]
Merge branch 'master' of github.com:BetterCrypto/Applied-Crypto-Hardening
and adjust the LaTeX code

Conflicts:
src/practical_settings/mailserver.tex
src/practical_settings/vpn.tex

6 years agoMerge pull request #46 from oglueck/master
Aaron Zauner [Fri, 17 Jan 2014 10:09:05 +0000 (02:09 -0800)]
Merge pull request #46 from oglueck/master

add Openswan

6 years agoadd Openswan
Ortwin Glück [Thu, 16 Jan 2014 16:16:09 +0000 (17:16 +0100)]
add Openswan

6 years agopostfix: docs are wrong, loglevel must be >= 1
cm [Thu, 16 Jan 2014 14:09:57 +0000 (15:09 +0100)]
postfix: docs are wrong, loglevel must be >= 1

6 years agoAdd information on ECDH-params for lighttpd
sebix [Sat, 11 Jan 2014 21:43:03 +0000 (22:43 +0100)]
Add information on ECDH-params for lighttpd

6 years agoMerge branch 'master' of github.com:BetterCrypto/Applied-Crypto-Hardening
sebix [Sat, 11 Jan 2014 21:41:58 +0000 (22:41 +0100)]
Merge branch 'master' of github.com:BetterCrypto/Applied-Crypto-Hardening

6 years agominor change
Aaron Kaplan [Sat, 11 Jan 2014 21:11:44 +0000 (22:11 +0100)]
minor change

6 years agorename TODO.txt to TODO.md so that it is easier to read on github
Aaron Kaplan [Sat, 11 Jan 2014 21:10:33 +0000 (22:10 +0100)]
rename TODO.txt to TODO.md so that it is easier to read on github

6 years agoCorrect merge Error: nginx: "as long as they are > 1024 bits"
sebix [Sat, 11 Jan 2014 21:03:56 +0000 (22:03 +0100)]
Correct merge Error: nginx: "as long as they are > 1024 bits"

6 years agoMerge remote-tracking branch 'upstream/master'
sebix [Sat, 11 Jan 2014 20:24:55 +0000 (21:24 +0100)]
Merge remote-tracking branch 'upstream/master'

6 years agoMerge branch 'master' of https://git.bettercrypto.org/ach-master
Aaron Kaplan [Sat, 11 Jan 2014 19:03:57 +0000 (20:03 +0100)]
Merge branch 'master' of https://git.bettercrypto.org/ach-master

6 years agonote about feedback: explain compression
Aaron Kaplan [Sat, 11 Jan 2014 19:03:35 +0000 (20:03 +0100)]
note about feedback: explain compression

6 years agolast small typographical corrections
sebix [Sat, 11 Jan 2014 18:07:07 +0000 (19:07 +0100)]
last small typographical corrections
paragraphs and empty lines

6 years agoPKI Self-Signing: add a command to create a cert and self-sign it
sebix [Sat, 11 Jan 2014 17:48:27 +0000 (18:48 +0100)]
PKI Self-Signing: add a command to create a cert and self-sign it

6 years agouse the order Tested > Settings > References everywhere, corrected
sebix [Sat, 11 Jan 2014 17:36:01 +0000 (18:36 +0100)]
use the order Tested > Settings > References everywhere, corrected
some typographic issues with paragraphDiamond and paragraph

6 years agoUse compact lists of mdwlist, save space
sebix [Sat, 11 Jan 2014 17:20:45 +0000 (18:20 +0100)]
Use compact lists of mdwlist, save space

6 years agoRemove Heading (scrheadings), Aaron's wish
sebix [Sat, 11 Jan 2014 17:09:40 +0000 (18:09 +0100)]
Remove Heading (scrheadings), Aaron's wish

6 years agoMakefile: "make once" runs pdflatex once; .txt only removed if
sebix [Sat, 11 Jan 2014 17:00:24 +0000 (18:00 +0100)]
Makefile: "make once" runs pdflatex once; .txt only removed if
existing (make otherwise throws an error)

6 years agoLaTeX-Code cleanup, syntax uniformed and correct typography, new
sebix [Sat, 11 Jan 2014 16:57:13 +0000 (17:57 +0100)]
LaTeX-Code cleanup, syntax uniformed and correct typography, new
command: \paragraphDiamond{heading}
it makes a paragraph and afterwards displays a \diamond, should be
used when you need something below \subsubsection. It is more
space-saving than \paragraph{heading}\mbox{}\\

6 years agoUse UTF-8 for umlauts, copying them out of the PDF does now work,
sebix [Sat, 11 Jan 2014 14:05:35 +0000 (15:05 +0100)]
Use UTF-8 for umlauts, copying them out of the PDF does now work,
corrected some HTML-Umlauts

6 years agoMerge branch 'master' of github.com:BetterCrypto/Applied-Crypto-Hardening
sebix [Sat, 11 Jan 2014 13:54:28 +0000 (14:54 +0100)]
Merge branch 'master' of github.com:BetterCrypto/Applied-Crypto-Hardening

Conflicts:
src/acknowledgements.tex
src/applied-crypto-hardening.tex
src/cipherStringB.txt
src/disclaimer.tex
src/perlify.pl
src/practical_settings.tex
src/practical_settings/DBs.tex
src/practical_settings/GPG.tex
src/practical_settings/im.tex
src/practical_settings/mailserver.tex
src/practical_settings/ssh.tex
src/practical_settings/vpn.tex
src/practical_settings/webserver.tex
src/reviewers.tex

6 years agoAdded very experimental TXT export
Pepi Zawodsky [Fri, 10 Jan 2014 18:39:17 +0000 (19:39 +0100)]
Added very experimental TXT export

6 years agoAdded a tools to check for mixed SSL on your website
Pepi Zawodsky [Fri, 10 Jan 2014 18:38:11 +0000 (19:38 +0100)]
Added a tools to check for mixed SSL on your website

6 years agocorrection for F.Mendel's association: it is A-Sit and IAIK.
Aaron Kaplan [Thu, 9 Jan 2014 14:51:36 +0000 (15:51 +0100)]
correction for F.Mendel's association: it is A-Sit and IAIK.

6 years agoadd recommended reading
Alexander Wuerstlein [Thu, 9 Jan 2014 14:39:04 +0000 (15:39 +0100)]
add recommended reading

reference http://gost.isi.edu/publications/kerberos-neuman-tso.html

6 years agoMerge pull request #44 from mathisdt/master
Aaron Zauner [Wed, 8 Jan 2014 20:01:12 +0000 (12:01 -0800)]
Merge pull request #44 from mathisdt/master

added tested versions and harmonized references to Debian Versions

6 years agoadded tested versions and harmonized references to Debian Versions (Wheezy makes...
Mathis Dirksen-Thedens [Wed, 8 Jan 2014 18:32:14 +0000 (19:32 +0100)]
added tested versions and harmonized references to Debian Versions (Wheezy makes more sense than 7.0 or 7.3)

6 years agoremove leftover text fragment
Alexander Wuerstlein [Wed, 8 Jan 2014 11:17:37 +0000 (12:17 +0100)]
remove leftover text fragment

6 years agothe last _ fix did not fix it. Add a \url and escape #
Aaron Kaplan [Tue, 7 Jan 2014 23:15:18 +0000 (00:15 +0100)]
the last _ fix did not fix it. Add a \url and escape #

6 years agofixed underscore in url
Adi Kriegisch [Tue, 7 Jan 2014 22:11:16 +0000 (23:11 +0100)]
fixed underscore in url

6 years agoadded todo to lighttpd (ec curve selection and dh parameters file)
Adi Kriegisch [Tue, 7 Jan 2014 22:08:04 +0000 (23:08 +0100)]
added todo to lighttpd (ec curve selection and dh parameters file)

6 years agoDBs.tex still had a hardcoded cipherstring B text and no @@@CIPHERSTRINGB@@@ macro!
Aaron Kaplan [Tue, 7 Jan 2014 22:05:18 +0000 (23:05 +0100)]
DBs.tex still had a hardcoded cipherstring B text and no @@@CIPHERSTRINGB@@@ macro!
This was wrong. If we decide to use cipherstring B everywhere, then we need to also do it here.

6 years agoRNGs.tex already had moved to src/theory/ . Remove outdated version in src/
Aaron Kaplan [Tue, 7 Jan 2014 21:57:27 +0000 (22:57 +0100)]
RNGs.tex already had moved to src/theory/ . Remove outdated version in src/

6 years agoremember topics we said in the meeting
Aaron Kaplan [Tue, 7 Jan 2014 21:36:08 +0000 (22:36 +0100)]
remember topics we said in the meeting

6 years agofix intendation in openssh section
Aaron Zauner [Tue, 7 Jan 2014 20:36:18 +0000 (21:36 +0100)]
fix intendation in openssh section

6 years agoadd openssh section for debian wheezy/openssh6.0
Aaron Zauner [Tue, 7 Jan 2014 20:18:37 +0000 (21:18 +0100)]
add openssh section for debian wheezy/openssh6.0

6 years agoMerge pull request #43 from ax3l/fix-openSSH64kex
Aaron Zauner [Tue, 7 Jan 2014 19:50:56 +0000 (11:50 -0800)]
Merge pull request #43 from ax3l/fix-openSSH64kex

Remove curve25519-sha256@libssh.org for now

6 years agoRemove curve25519-sha256@libssh.org for now
Axel Huebl [Tue, 7 Jan 2014 19:41:26 +0000 (20:41 +0100)]
Remove curve25519-sha256@libssh.org for now

It did not make it in the last OpenSSH release,
we will re-add it with the next release, together with
chacha20-poly1305@openssh.com, ssh-ed25519,
ssh-ed25519-cert-v01@openssh.com and others.

6 years agoMerge pull request #39 from fxkr/openssh-permitrootlogin-without-password
Aaron Zauner [Tue, 7 Jan 2014 19:27:40 +0000 (11:27 -0800)]
Merge pull request #39 from fxkr/openssh-permitrootlogin-without-password

openssh: PermitRootLogin: no -> without-password

6 years agoLaTeX comment on how to remove the draft watermark
Aaron Kaplan [Tue, 7 Jan 2014 19:03:27 +0000 (20:03 +0100)]
LaTeX comment on how to remove the draft watermark

6 years agoupdated/fixed keylength recommendations based on Ecrypt Paper
Adi Kriegisch [Tue, 7 Jan 2014 19:00:06 +0000 (20:00 +0100)]
updated/fixed keylength recommendations based on Ecrypt Paper